CVE-2017-14498: Cross-site Scripting

September 15, 2017 (updated November 2, 2017)

SilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname.

References

docs.silverstripe.org/en/3/changelogs/3.6.1
nvd.nist.gov/vuln/detail/CVE-2017-14498

Detect and mitigate CVE-2017-14498 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →