Veracode Vulnerability DatabaseVERACODE:48120Cross Site Scripting (XSS)
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
High
Silverstripe framework is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to inadequate server-side sanitization of encoded payloads within the file HTMLEditorSanitiser.php, allowing attackers with CMS content editing access to inject JavaScript payloads onto the site’s front end.
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
High