Lucene search
Veracode Vulnerability DatabaseVERACODE:36209HistoryJun 30, 2022 - 4:11 a.m.
Stored Cross-Site Scripting (XSS)
2022-06-3004:11:41
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
vulnerability
cross-site scripting
javascript
remote attacker
xmlhttprequest
authenticated
silverstripe/framework
EPSS
0.001
Percentile
22.7%
silverstripe/framework is vulnerable to cross-site scripting(XSS) attacks. The library does not properly sanitize user inputs through links and iframes, allowing a remote authenticated attacker to inject and execute malicious javascript via XMLHttpRequest (XHR).
References
github.com/advisories/GHSA-rppc-655v-7j3c
github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2022-28803.yaml
github.com/silverstripe/silverstripe-framework/commit/d2c58f3bbc03846c460acddd38203387cd06416c
github.com/silverstripe/silverstripe-framework/pull/10374
silverstripe.org
www.silverstripe.org/download/security-releases/cve-2022-28803
Related
friendsofphp
friendsofphp
CVE-2022-28803: Stored XSS in link tags added via XHR
2022-06-27 05:27:00
cvelist
cvelist
CVE-2022-28803
2022-06-29 00:50:16
osv
osv
Stored XSS in link tags added via XHR in SilverStripe Framework
2022-06-29 22:12:39
CVE-2022-28803
2022-06-29 01:15:07
BIT-silverstripe-2022-28803
2024-03-06 11:05:00
github
github
Stored XSS in link tags added via XHR in SilverStripe Framework
2022-06-29 22:12:39
Stored XSS using uppercase characters in HTMLEditor
2022-11-21 23:59:38
prion
prion
Cross site scripting
2022-06-29 01:15:00
nvd
nvd
CVE-2022-28803
2022-06-29 01:15:07
cve
cve
CVE-2022-28803
2022-06-29 01:15:07