GHSA-779c-7w4p-2c4g: Silverstripe admin XSS Vulnerability via WYSIWYG editor

May 22, 2024

It is possible for a bad actor with access to the CMS to make use of onmouseover or onmouseout attributes in the WYSIWYG editor to embed malicious javascript.

References

github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/SS-2018-004-1.yaml
github.com/advisories/GHSA-779c-7w4p-2c4g
github.com/silverstripe/silverstripe-admin
www.silverstripe.org/download/security-releases/ss-2018-004

Code Behaviors & Features

Detect and mitigate GHSA-779c-7w4p-2c4g with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →