6 matches found
EUVD-2022-6088
Malicious code in bioql PyPI...
GHSA-JX34-GQQQ-R6GM Stored XSS via HTML fields in SilverStripe Framework
SilverStripe Framework through 4.10.8 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitiseserverside contig is not set to true in project code...
Stored XSS via HTML fields in SilverStripe Framework
SilverStripe Framework through 4.10.8 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitiseserverside contig is not set to true in project code...
CVE-2022-25238
Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitiseserverside contig is not set to true in project code...
CVE-2022-25238
Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitiseserverside contig is not set to true in project code...
CVE-2022-25238
CVE-2022-25238 affects the SilverStripe Framework up to version 4.10.0, where an authenticated CMS user can inject tokens into script content via XHR, enabling XSS when the cwp-core module is not installed and sanitise_server_side contig is not true. The issue is documented across multiple source...