SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input.
References
Link | Resource |
---|---|
https://www.silverstripe.org/download/security-releases/cve-2019-19325 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2020-02-17 20:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-19325
Mitre link : CVE-2019-19325
CVE.ORG link : CVE-2019-19325
JSON object : View
Products Affected
silverstripe
- silverstripe
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')