8 matches found
CVE-2025-25197
Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability i...
Cross-site Scripting (XSS)
Overview: dnadesign/silverstripe-elemental is an Elemental pagetype and collection of Elements. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of user input in the "Content blocks in use" report. An attacker can execute arbitrary scripting co...
CVE-2025-25197
Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability i...
CVE-2025-25197 Silverstripe Elemental enables XSS attacks in elemental "Content blocks in use" reports
Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability i...
CVE-2025-25197
SilverStripe Elemental vulnerability CVE-2025-25197 affects the Elemental module's handling of content blocks in the "Content blocks in use" report. Affected component: elemental grid field rendering; root cause is failure to cast input before including it in the grid field, which allows an XSS p...
CVE-2025-25197 Silverstripe Elemental enables XSS attacks in elemental "Content blocks in use" reports
Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability i...
CVE-2025-25197 Silverstripe Elemental enables XSS attacks in elemental "Content blocks in use" reports
Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability i...
PT-2025-15980 · Silverstripe · Silverstripe Elemental
Name of the Vulnerable Software and Affected Versions: Silverstripe Elemental versions prior to 5.3.12
Description: The issue arises from the failure to cast input prior to including it in the grid field, allowing an elemental block to include an XSS payload. This payload can be executed when...