CVE-2020-9311
packagist/silverstripe/framework
Cross-site Scripting
In SilverStripe, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
All versions starting from 3.0.0 before 3.7.5
Upgrade to version 3.7.5 or above.
2020-07-28
source |