4 matches found
Cross-site Scripting (XSS)
silverstripe/framework is vulnerable to Cross-site Scripting XSS. The vulnerability is caused due to improper handling of key/value pairs in OptionsetField or CheckboxSetField, where default casting is not assigned. This allows an attacker to inject malicious HTML code when either key or value...
GHSA-468J-6JRC-2RJX silverstripe/framework vulnerable to Cross-site Scripting In `OptionsetField` and `CheckboxSetField`
List of key / value pairs assigned to OptionsetField or CheckboxSetField do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML...
silverstripe/framework vulnerable to Cross-site Scripting In `OptionsetField` and `CheckboxSetField`
List of key / value pairs assigned to OptionsetField or CheckboxSetField do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML...
SS-2016-015: XSS In OptionsetField and CheckboxSetField
More info at https://www.silverstripe.org/download/security-releases/ss-2016-015/...