
GHSA-qvrv-2x7x-78x2

Published: 24 Feb 2020
Source: github
Github: Reviewed
CVSS3: 6.1

Description

Reflected XSS in SilverStripe

SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input.

Packages

Name: silverstripe/framework (composer)
Affected versions: >= 4.5.0, < 4.5.2
Fixed version: 4.5.2

Name: silverstripe/framework (composer)
Affected versions: >= 4.0.0, < 4.4.5
Fixed version: 4.4.5

EPSS

Percentile: 58%
0.00359
Low

CVSS3: 6.1 Medium

Weaknesses

CWE-78
CWE-79

Related vulnerabilities

CVSS3: 6.1
nvd
almost 6 years ago

SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input.
