First published: Tue Oct 05 2021(Updated: )
CVE-2021-36150 - Insert from files link text - Reflective (self) Cross Site Scripting
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/silverstripe/admin | >=1.0.0<1.8.1 | |
Silverstripe silverstripe | >=1.0.0<1.8.1 | |
Silverstripe silverstripe | >1.9.0<=4.8.1 | |
composer/silverstripe/admin | >=1.0.0<1.8.1 | 1.8.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-36150 is a vulnerability that allows for reflective (self) cross-site scripting in the Insert from files link text feature of the SilverStripe admin package.
The severity of CVE-2021-36150 is considered moderate.
CVE-2021-36150 affects SilverStripe admin package versions 1.0.0 through 1.8.1, allowing for reflective cross-site scripting via the Insert from files link text feature.
Yes, the recommended fix for CVE-2021-36150 is to update to a version of the SilverStripe admin package that is not affected by this vulnerability.
You can find more information about CVE-2021-36150 on the official SilverStripe website: [insert link here]