3 matches found
CVE-2017-5197
There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element...
CVE-2017-5197
There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element...
CVE-2017-5197
CVE-2017-5197 affects SilverStripe CMS prior to 3.4.4 and 3.5.x prior to 3.5.2. The issue is a stored XSS in the page-name handling, where a crafted payload (e.g., a malformed SVG containing a JavaScript event handler) can be injected into a page name and executed in the user’s context. The attac...