Lucene search

8 matches found

RedhatCVE
added 2025/04/12 1:43 p.m. · 18 views

CVE-2025-25197

Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability i...

5.4 CVSS · 5.9 AI score · 0.0025 EPSS
Exploits 0 · References 1
Snyk
added 2025/04/10 1:38 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: dnadesign/silverstripe-elemental is an Elemental pagetype and collection of Elements. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of user input in the Content blocks in use report. An attacker can execute arbitrary scripting co...

6.1 CVSS · 5.5 AI score · 0.0025 EPSS
Exploits 0 · References 2
NVD
added 2025/04/10 1:15 p.m. · 15 views

CVE-2025-25197

Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability i...

5.4 CVSS · 0.0025 EPSS
Exploits 0 · References 3
Vulnrichment
added 2025/04/10 12:58 p.m. · 8 views

CVE-2025-25197 Silverstripe Elemental enables XSS attacks in elemental "Content blocks in use" reports

Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability i...

5.4 CVSS · 6 AI score · 0.0025 EPSS
Exploits 0 · References 3
CVE
added 2025/04/10 12:58 p.m. · 69 views

CVE-2025-25197

SilverStripe Elemental vulnerability CVE-2025-25197 affects the Elemental module's handling of content blocks in the "Content blocks in use" report. Affected component: elemental grid field rendering; root cause is failure to cast input before including it in the grid field, which allows an XSS p...

5.4 CVSS · 5.3 AI score · 0.0025 EPSS
Exploits 0 · References 3
Cvelist
added 2025/04/10 12:58 p.m. · 18 views

CVE-2025-25197 Silverstripe Elemental enables XSS attacks in elemental "Content blocks in use" reports

Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability i...

5.4 CVSS · 0.0025 EPSS
Exploits 0 · References 3
OSV
added 2025/04/10 12:58 p.m. · 10 views

CVE-2025-25197 Silverstripe Elemental enables XSS attacks in elemental "Content blocks in use" reports

Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability i...

5.4 CVSS · 6 AI score · 0.0025 EPSS
Exploits 0 · References 5
Positive Technologies
added 2025/04/10 12:0 a.m. · 4 views

PT-2025-15980 · Silverstripe · Silverstripe Elemental

Name of the Vulnerable Software and Affected Versions: Silverstripe Elemental versions prior to 5.3.12. Description: The issue arises from the failure to cast input prior to including it in the grid field, allowing an elemental block to include an XSS payload. This payload can be executed when...

5.4 CVSS · 5.5 AI score · 0.0025 EPSS
Exploits 0 · References 14