Cross-site Scripting (XSS)

silverstripe/admin is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the tinymce.js due to lack of sanitization of user inputs during editing which allows an attacker to inject and execute arbitrary JavaScript into a victims browser...