First published: Tue Jul 14 2020
CVE-2020-9311: Malicious user profile information can cause login form XSS
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/silverstripe/framework | >=3.0.0 <3.7.5 | 3.7.5 |
composer/silverstripe/cms | <=4.5.0 | |
Silverstripe silverstripe | >=3.0.0 <3.7.5 | |
CVE-2020-9311 is a cross-site scripting (XSS) vulnerability in SilverStripe CMS and the SilverStripe framework: profile information saved by an authenticated user is reflected into the login form without adequate escaping, and a specially crafted login form URL makes another user's browser render it.
The severity of CVE-2020-9311 is medium, with a CVSS score of 5.4.
SilverStripe CMS versions up to and including 4.5.0, and SilverStripe framework versions from 3.0.0 up to but not including 3.7.5, are affected by CVE-2020-9311.
Exploitation requires a valid SilverStripe CMS login: a malicious user stores script-bearing values in their own profile information, then gets other users to open a specially crafted login form URL so that the stored payload executes in those users' browsers (stored XSS delivered through the login form).
Yes, a fix is available for CVE-2020-9311. Update silverstripe/framework to 3.7.5 or later; the affected range of silverstripe/cms ends at 4.5.0, so update it to the latest release.
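The root cause is user-controlled profile data being interpolated into login-form markup without HTML escaping. The advisory text does not say which profile field or which part of the form is involved, so the following is an added, self-constructed illustration (not SilverStripe's code): a hypothetical login form that greets a member by their stored first name and pre-fills an email field. The vulnerable renderer concatenates the values raw; the hardened one escapes them for both text and attribute context with `html.escape(..., quote=True)`. The member records and the payload are constructed sample data.

```python
"""Stored profile data reflected into a login form: vulnerable vs. escaped rendering.
Added example; hypothetical form layout, not SilverStripe's own template or API."""
import html
from dataclasses import dataclass


@dataclass(frozen=True)
class Member:
    """Minimal stand-in for a CMS member record (constructed for this example)."""
    email: str
    first_name: str  # profile field an authenticated user can set freely


# Constructed sample data: a benign member and one whose profile carries a payload.
# The payload closes an attribute first so it fires in attribute context as well
# as in text context.
PAYLOAD = '"><script>alert(document.cookie)</script>'
MEMBERS = {
    "alice@example.com": Member("alice@example.com", "Alice"),
    "mallory@example.com": Member("mallory@example.com", PAYLOAD),
}


def render_login_form_vulnerable(member: Member) -> str:
    """Interpolates profile values straight into HTML: text node and attribute value.
    Any member can make this emit script to every other user who sees the form."""
    return (
        '<form method="post" action="/login">'
        f"<p>Welcome back, {member.first_name}.</p>"
        f'<input type="text" name="Email" value="{member.email}">'
        '<input type="password" name="Password">'
        '<input type="submit" value="Log in">'
        "</form>"
    )


def render_login_form_fixed(member: Member) -> str:
    """Same form, but every user-controlled value is HTML-escaped.
    quote=True also escapes " and ' so the value cannot break out of an attribute."""
    name = html.escape(member.first_name, quote=True)
    email = html.escape(member.email, quote=True)
    return (
        '<form method="post" action="/login">'
        f"<p>Welcome back, {name}.</p>"
        f'<input type="text" name="Email" value="{email}">'
        '<input type="password" name="Password">'
        '<input type="submit" value="Log in">'
        "</form>"
    )


def contains_live_script(markup: str) -> bool:
    """Crude check used by the example: does the output contain an unescaped <script tag?"""
    return "<script" in markup.lower()


def attribute_is_broken(markup: str) -> bool:
    """Does the rendered Email input's value attribute end early?
    A raw '">' inside the value would terminate the input tag before the intended quote."""
    marker = 'name="Email" value="'
    start = markup.find(marker)
    if start == -1:
        return False
    rest = markup[start + len(marker):]
    # In the intended markup the value is closed by '">' immediately followed by '<input'.
    closing = rest.find('">')
    return closing != -1 and not rest[closing + 2:].startswith("<input")


if __name__ == "__main__":
    victim_view = render_login_form_vulnerable(MEMBERS["mallory@example.com"])
    print("vulnerable output contains script:", contains_live_script(victim_view))
    print("fixed output contains script:",
          contains_live_script(render_login_form_fixed(MEMBERS["mallory@example.com"])))
```

The fixed renderer is the pattern to look for in any CMS template that reflects member-supplied data: escape at the point of output, with quote characters included, rather than trusting that a profile field was validated on the way in.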