First published: Mon Mar 06 2017(Updated: )
There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/silverstripe/cms | >=3.5.0<3.5.2 | 3.5.2 |
composer/silverstripe/cms | <3.4.4 | 3.4.4 |
Silverstripe silverstripe | <=3.4.3 | |
Silverstripe silverstripe | =3.5.0 | |
Silverstripe silverstripe | =3.5.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.