3 matches found
CVE-2022-37430
CVE-2022-37430 affects SilverStripe framework up to version 4.11. The issue is an XSS in the HTMLEditor sanitiser, where uppercase attributes in the href attribute of links can be exploited to inject JavaScript. Root cause is related to how the href attribute is handled in sanitisation (uppercase...
CVE-2022-37430
Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link issue 2 of 2...
CVE-2022-37430 - Stored XSS using uppercase characters in HTMLEditor
More info at https://www.silverstripe.org/download/security-releases/cve-2022-37430...