17 matches found
CVE-2020-26138
In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation...
Cross-site Scripting (XSS)
silverstripe/framework is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper encoding of validation messages in certain FormField classes, which can present invalid content as part of the validation response, resulting in XSS...
GHSA-J982-5JV7-V43R Silverstripe Form field validation message XSS vulnerability
A high-level XSS risk has been identified in the encoding of validation messages in certain FormField classes. Certain fields such as NumericField and DropdownField have been identified, but any form field that presents invalid content as part of its validation response is at risk...
BIT-SILVERSTRIPE-2020-26138
In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation...
Cross-site Scripting (XSS)
innologi/typo3-appointments is vulnerable to cross-site scripting (XSS) attacks. The library does not properly escape special characters before outputting them to the front-end, allowing an attacker to inject and execute malicious JavaScript via various formfield values...
typo3-appointments vulnerable to Cross-site Scripting
A vulnerability, classified as problematic, was found in the innologi appointments Extension up to 2.0.5. It affects an unknown part of the Appointment Handler component. Manipulation of the formfield argument leads to cross-site scripting. It is possible to initiate the attack...
CVE-2019-25094
A vulnerability, classified as problematic, was found in the innologi appointments Extension up to 2.0.5 on TYPO3. It affects an unknown part of the Appointment Handler component. Manipulation of the formfield argument leads to cross-site scripting. It is possible to initiate the atta...
PT-2023-11352 · Unknown · Innologi Appointments Extension
Name of the Vulnerable Software and Affected Versions: innologi appointments Extension versions up to 2.0.5
Description: A problematic vulnerability was found in the innologi appointments Extension, affecting an unknown part of the Appointment Handler component. The manipulation of the formfield...
Input validation
In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation...
CVE-2020-26138
CVE-2020-26138 affects SilverStripe up to version 4.6.0-rc1, where a FormField with square brackets in the field name can bypass validation. The issue notably involves FileField usage, where array notation may coerce multiple files and bypass validation such as allowed extensions, with potential ...
CVE-2020-26138 FormField: with square brackets in field name skips validation
More info at https://www.silverstripe.org/download/security-releases/cve-2020-26138...
Cross site scripting
SilverStripe 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms buil...
CVE-2019-19325: XSS through non-scalar FormField attributes
More info at https://www.silverstripe.org/download/security-releases/cve-2019-19325/...