In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.
References
Link | Resource |
---|---|
https://www.silverstripe.org/download/security-releases/ | Vendor Advisory |
https://www.silverstripe.org/blog/tag/release | Release Notes Vendor Advisory |
https://www.silverstripe.org/download/security-releases/CVE-2019-14272 | Vendor Advisory |
https://forum.silverstripe.org/c/releases | Release Notes Vendor Advisory |
Configurations
Information
Published : 2019-09-26 05:15
Updated : 2019-09-26 11:53
NVD link : CVE-2019-14272
Mitre link : CVE-2019-14272
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
silverstripe
- silverstripe