2 matches found
Cross Site Scripting (XSS)
Silverstripe framework is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to inadequate server-side sanitization of encoded payloads within the file HTMLEditorSanitiser.php, allowing attackers with CMS content editing access to inject JavaScript payloads onto the site's front end...
Cross-site Scripting (XSS)
silverstripe/framework is vulnerable to cross-site scripting. The vulnerability exists in the sanitise function of HTMLEditorSanitiser.php because of using white space characters in HTMLEditor, which allows an attacker to inject and execute malicious JavaScript...