7 matches found
CVE-2022-38145
Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 3 via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view...
CVE-2022-38145
Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 3 via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view...
Design/Logic Flaw
Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 3 via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view...
CVE-2022-38145
Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 3 via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view...
CVE-2022-38145
CVE-2022-38145 concerns stored XSS in SilverStripe’s versioned admin/compare view. Multiple connected sources describe that an attacker with CMS access can inject a Javascript payload by placing it in a page’s meta description, which then executes when viewing the version history compare. The mos...
GHSA-66JF-XM2M-7M8R Stored XSS in Compare Mode
A malicious content author could add a Javascript payload to a page's meta description and get it executed in the versioned history compare view. This vulnerability requires access to the CMS to be deployed. The attacker must then convince a privileged user to access the version history for that...
PT-2022-24237 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions through 4.11 Description: The issue allows remote attackers to execute a Javascript payload in the versioned history compare view by adding it to a page's meta description. This can be done by a...