4 matches found
CVE-2022-38462
Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request...
CVE-2022-38462
Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request...
CVE-2022-38462
CVE-2022-38462 affects SilverStripe framework up to version 4.11.0, enabling XSS via crafted return URLs on /dev/build or /Security/login. Core issue is insufficient sanitization/escaping of user-supplied data in responses. The risk is context-dependent and requires the browser to render PHP warn...
CVE-2022-38462 - Reflected XSS in querystring parameters
More info at https://www.silverstripe.org/download/security-releases/cve-2022-38462...