Description
Silverstripe framework is vulnerable to XSS in install.php
During installation, certain parameters (admin_username and admin_password) are not escaped in the setup form.
This issue is resolved in 3.1.14 stable, although existing users are advised to remove this file prior to deploying to a production server.
Packages
Name: silverstripe/framework (composer)
Affected versions: >= 3.1.0, < 3.1.14
Fixed version: 3.1.14
CVSS3: 6.1 Medium
Weaknesses: CWE-79