4 matches found
Cross-site Scripting(XSS)
silverstripe/framework is vulnerable to Cross-site Scripting XSS. The vulnerability is caused due to the lack of proper sanitization or encoding of user-input data when it is displayed in TreeDropdownField and TreeMultiSelectField, which allows an attacker to execute malicious JavaScript code...
GHSA-R32J-MR8P-HFP8 Silverstripe XSS in TreeDropdownField and TreeMultiSelectField
A cross-site scripting vulnerability has been discovered in the TreeDropdownField and TreeMultiSelectField. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the dataobjects used as a data source for either of these fields. This...
Silverstripe XSS in TreeDropdownField and TreeMultiSelectField
A cross-site scripting vulnerability has been discovered in the TreeDropdownField and TreeMultiSelectField. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the dataobjects used as a data source for either of these fields. This...
SS-2015-004: TreeDropdownField and TreeMultiSelectField XSS
More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-004/...