5 matches found
Cross Site Scripting (XSS)
silverstripe/cms is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper escaping of HTML input in the textfields of pages referred to by VirtualPage, which allows an attacker inject and execute arbitrary JavaScript in the browser...
Silverstripe XSS vulnerability via VirtualPage
A cross-site scripting vulnerability has been discovered in the VirtualPage class. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the textfields of a page which a VirtualPage refers to. This has been resolved by ensuring that...
GHSA-R97R-64VP-FGHM Silverstripe XSS vulnerability via VirtualPage
A cross-site scripting vulnerability has been discovered in the VirtualPage class. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the textfields of a page which a VirtualPage refers to. This has been resolved by ensuring that...
PT-2024-40450 · Unknown · Virtualpage
Name of the Vulnerable Software and Affected Versions: VirtualPage affected versions not specified Description: A cross-site scripting issue has been found in the VirtualPage class. This can be exploited if a user with CMS access posts malicious or unescaped HTML into any of the text fields of a...
SS-2015-005: VirtualPage XSS
More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-005/...