Identifier

CVE-2020-25102

Package Slug

packagist/silverstripe-australia/advancedreports

Vulnerability

Cross-site Scripting

Description

The Advanced Reports module for SilverStripe is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. This affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item (report preview) when an SVG document is provided in the Description parameter.

Affected Versions

All versions starting from 1.0 up to 2.0

Solution

Upgrade to version 2.2.0 or above.

Last Modified

2020-09-11

source