Описание
Stored XSS in link tags added via XHR in SilverStripe Framework
SilverStripe Framework 4.x prior to 4.10.9 is vulnerable to cross-site scripting inside the href attribute of an HTML hyperlink, which can be added to website content via XMLHttpRequest (XHR) by an authenticated CMS user.
Пакеты
Наименование
silverstripe/framework
composer
Затронутые версииВерсия исправления
>= 4.0.0, < 4.10.9
4.10.9
Связанные уязвимости
CVSS3: 5.4
nvd
больше 3 лет назад
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).