2 matches found
services.previmeteo.com Cross Site Scripting vulnerability
Security Researcher devl00p Helped patch 2581 vulnerabilities Received 10 Coordinated Disclosure badges Received 15 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting services.previmeteo.com website and its users. Following...
CVE-2017-14498
CVE-2017-14498 affects SilverStripe CMS before 3.6.1, where an SVG document mishandled during Insert Media or via admin/assets/add allows cross-site scripting. Root cause: improper handling/validation of SVG content leading to script execution in the browser. Impact is XSS; exploitation details a...