Описание
silverstripe/framework has Cross-site Scripting vulnerability in page history comparison
Authenticated user with page edit permission can craft HTML, which when rendered in a page history comparison can execute client scripts.
Пакеты
Наименование
silverstripe/framework
composer
Затронутые версииВерсия исправления
>= 3.4.0-rc1, < 3.4.6
3.4.6
Наименование
silverstripe/framework
composer
Затронутые версииВерсия исправления
>= 3.5.0-rc1, < 3.5.4
3.5.4