Description
Silverstripe XSS in CMS Edit Page
Due to a lack of parameter sanitisation, a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page.
An attacker could create a URL and share it with a site administrator to perform an attack.
References
- https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770
- https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-004-1.yaml
- https://github.com/silverstripe/silverstripe-framework/commits/3.3.2
- https://www.silverstripe.org/download/security-releases/ss-2016-004
Packages
- Name: silverstripe/framework (composer). Affected versions: >= 3.1.18, < 3.1.19. Fixed version: 3.1.19
- Name: silverstripe/framework (composer). Affected versions: >= 3.2.3, < 3.2.4. Fixed version: 3.2.4
- Name: silverstripe/framework (composer). Affected versions: >= 3.3.1, < 3.3.2. Fixed version: 3.3.2
6.1 Medium
CVSS3
Weaknesses
CWE-79