3 matches found
CVE-2022-37429
Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 2 via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters...
CVE-2022-25238
Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitiseserverside contig is not set to true in project code...
CVE-2022-38145
Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 3 via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view...