6 matches found
CVE-2022-28803
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest XHR...
Stored XSS using uppercase characters in HTMLEditor
A malicious content author could add a Javascript payload to the href attribute of a link. A similar issue was identified and fixed via CVE-2022-28803. However, the fix didn't account for the casing of the href attribute. An attacker must have access to the CMS to exploit this issue...
GHSA-QW4W-VQ8V-2WCV Stored XSS using uppercase characters in HTMLEditor
A malicious content author could add a Javascript payload to the href attribute of a link. A similar issue was identified and fixed via CVE-2022-28803. However, the fix didn't account for the casing of the href attribute. An attacker must have access to the CMS to exploit this issue...
CVE-2022-28803
CVE-2022-28803 concerns the SilverStripe Framework (through 2022-04-07) where a Stored XSS vulnerability can occur in javascript link tags added via XMLHttpRequest (XHR). The issue is triggered by content added to the page that includes a javascript: link tag, enabling script execution in the con...
CVE-2022-28803
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest XHR...
CVE-2022-28803: Stored XSS in link tags added via XHR
More info at https://www.silverstripe.org/download/security-releases/cve-2022-28803...