Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.
Advisories for Composer/Silverstripe/Asset-Admin package
2022