CVE-2020-9311

Cross-site Scripting in packagist/silverstripe/framework

Identifiers

CVE-2020-9311

Package Slug

packagist/silverstripe/framework

Vulnerability

Cross-site Scripting

Description

In SilverStripe, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.

Affected Versions

All versions starting from 3.0.0 before 3.7.5

Solution

Upgrade to version 3.7.5 or above.

Last Modified

2020-07-28

source