CVE-2019-19325 silverstripe/framework

Package

Manager: composer
Name: silverstripe/framework
Vulnerable Version: >=4.5.0 <4.5.2 || >=4.0.0 <4.4.5

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00359 (percentile 0.57367)

Details

SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input.

Metadata

Created: 2020-02-24T17:33:31Z
Modified: 2024-02-06T17:33:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/02/GHSA-qvrv-2x7x-78x2/GHSA-qvrv-2x7x-78x2.json
CWE IDs: ["CWE-78", "CWE-79"]
Alternative ID: GHSA-qvrv-2x7x-78x2
Finding: F008
Auto approve: 1