2 matches found
GHSA-QP29-WCC2-VMPC Silverstripe HtmlEditor embed url sanitisation
"Add from URL" doesn't clearly sanitise URL server side HtmlEditorFieldToolbar has an action HtmlEditorFieldToolbarviewfile, which gets called by the CMS when adding a media "from a URL" i.e. via oembed. This action gets the URL to add in the GET parameter FileURL. However it doesn't do any URL...
Cross-site Scripting (XSS)
silverstripe/framework is vulnerable to cross-site scripting. The vulnerability exists because the $sanitiseserverside attribute in HTMLEditorField.php is false by default, allowing an attacker to inject and execute malicious javascript...