11 matches found
Tendenci security vulnerabilities
Tendenci is a membership management software developed by Tendenci Inc. in the United States, primarily used by non-profit organizations and associations. This software supports functions such as member management, content management, event management, and online donation management. Version 12.3...
EUVD-2025-0082
Malicious code in bioql PyPI...
CVE-2024-53277 Cross-site Scripting in form messages in silverstripe framework
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. The...
CVE-2024-53277 Cross-site Scripting in form messages in silverstripe framework
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. The...
Silverstripe Framework has a XSS in form messages
In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitise...
GHSA-FF6Q-3C9C-6CF5 Silverstripe Framework has a XSS in form messages
In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitise...
Cross-site Scripting (XSS)
Overview: silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the inclusion of user-supplied data in form messages without proper sanitization. An attacker can manipulate the conten...
CVE-2024-53277 - XSS in form messages
More info at https://www.silverstripe.org/download/security-releases/cve-2024-53277...
PT-2025-2953 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe Framework versions prior to 5.3.8 Description: The Silverstripe Framework, a PHP framework powering the Silverstripe CMS, has an intentional feature allowing form messages to contain HTML markup for links and other relevant...
Silverstripe Framework Cross-Site Scripting Vulnerability
Silverstripe Framework is an open source CMS website framework from Silverstripe. A cross-site scripting vulnerability exists in Silverstripe Framework, which stems from content not being properly sanitized before being included in a form message...
PT-2024-37475 · WordPress · Html Forms
Name of the Vulnerable Software and Affected Versions: HTML Forms WordPress plugin versions prior to 1.3.33 Description: The issue allows high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks. This is possible because the plugin does not properly sanitiz...