Количество 2
Количество 2
CVE-2020-25102
silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. The affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item (aka report preview) when an SVG document is provided in the Description parameter.
GHSA-8f2x-hv9r-mh9r
silverstripe-advancedreports vulnerable to XSS
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-25102 silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. The affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item (aka report preview) when an SVG document is provided in the Description parameter. | CVSS3: 6.1 | 0% Низкий | больше 5 лет назад |
| GHSA-8f2x-hv9r-mh9r silverstripe-advancedreports vulnerable to XSS | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу