2 matches found
CVE-2019-19325
SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS Cross-Site Scripting on some forms buil...
CVE-2019-19325
SilverStripe is affected by a Reflected XSS vulnerability in login and certain forms due to non-scalar FormField attributes enabling insertion of HTML/JavaScript. Affected versions are 4.4.x before 4.4.5 and 4.5.x before 4.5.2. Impact includes possible credential or sensitive input exposure via p...