14 matches found
CVE-2026-54720
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...
CVE-2026-54720
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...
CVE-2026-54720
Silverstripe Framework (PHP) contains an XSS vulnerability in the CMS “Insert media from web” feature, exploitable via a specially crafted embed. The issue affects versions prior to 6.2.2 and is mitigated by upgrading to 6.2.2 or later. The vulnerability stems from the media embed handling and co...
CVE-2026-54720 Silverstripe Framework: Possible XSS attack through media embed
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...
PT-2026-54846
Name of the Vulnerable Software and Affected Versions Silverstripe Framework versions prior to 6.2.2 Description The "Insert media from web" functionality in the CMS is susceptible to Cross-Site Scripting XSS, a technique where malicious scripts are injected into trusted websites, when processing...
Cross-site Scripting (XSS)
Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the insert media functionality where the linked oEmbed JSON includes an HTML attribute which replaces the embed shortcode...
Silverstripe Framework has a XSS via insert media remote file oembed
Impact When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website...
GHSA-7CMP-CGG8-4C82 Silverstripe Framework has a XSS via insert media remote file oembed
Impact When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website...
PT-2024-11506 · WordPress · Adrotate Banner Manager
Name of the Vulnerable Software and Affected Versions: The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress versions up to, and including, 5.13.2 Description: The issue is related to arbitrary file uploads due to missing file extension sanitization in the adrotate...
GHSA-J696-6M57-MCRV Silverstripe CMS XSS Vulnerability
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by 1 the Insert Media option in the content editor or 2 an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017...
Silverstripe CMS XSS Vulnerability
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by 1 the Insert Media option in the content editor or 2 an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017...
Cross-site Scripting (XSS) Through SVG Documents
silverstripe/installer and silverstripe/framework are vulnerable to cross-site scripting XSS attacks. These attacks are possible because the Insert Media option within the content editor, and the pathname in admin/assests/add allow attackers to insert SVG documents containing arbitrary javascript...
Code injection
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by 1 the Insert Media option in the content editor or 2 an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017...
CVE-2017-14498
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by 1 the Insert Media option in the content editor or 2 an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017...