Vulnerability Database

296,147

Total vulnerabilities in the database

Silverstripe admin XSS Vulnerability via WYSIWYG editor

It is possible for a bad actor with access to the CMS to make use of onmouseover or onmouseout attributes in the WYSIWYG editor to embed malicious javascript.

CVSS v3:

  • Severity: Unknown
  • Score:
  • AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
Composer icon silverstripe / admin 1.0.3 1.0.4
Composer icon silverstripe / admin 1.1.0 1.1.1