CVE-2019-19325

SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:34

Type Values Removed Values Added
References () https://www.silverstripe.org/download/security-releases/cve-2019-19325 - Vendor Advisory () https://www.silverstripe.org/download/security-releases/cve-2019-19325 - Vendor Advisory

Information

Published : 2020-02-17 20:15

Updated : 2024-11-21 04:34


NVD link : CVE-2019-19325

Mitre link : CVE-2019-19325

CVE.ORG link : CVE-2019-19325


JSON object : View

Products Affected

silverstripe

  • silverstripe
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')