From 765810b013bb389bfecfbb7a63531d566e5e5039 Mon Sep 17 00:00:00 2001 From: Bernard Hamlin <948122+blueo@users.noreply.github.com> Date: Wed, 19 Feb 2020 09:58:12 +1300 Subject: [PATCH] Update CVE number to CVE-2019-19325 --- docs/en/04_Changelogs/4.4.5.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en/04_Changelogs/4.4.5.md b/docs/en/04_Changelogs/4.4.5.md index 7ef883e77..990053544 100644 --- a/docs/en/04_Changelogs/4.4.5.md +++ b/docs/en/04_Changelogs/4.4.5.md @@ -4,7 +4,7 @@ This release contains security patches -### CVE-2019-1935 (CVSS 7.5) +### CVE-2019-19325 (CVSS 7.5) Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input. There is no known attack vector for extracting user-session information or credentials automatically, it required a user to fall for the phishing attempt. XSS can also be used to modify the presentation of content in malicious ways.
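Review bot: The old value `CVE-2019-1935` on the `-` line of the heading is itself a well-formed CVE ID, so any copy of it left outside this hunk would point readers at a different record rather than at an obviously broken one. The diffstat shows only `docs/en/04_Changelogs/4.4.5.md` changed, so search the other changelogs and docs for the old ID before merging and correct them in the same commit. The heading also gives a bare "CVSS 7.5"; adding the vector string or a link to the advisory beside the corrected ID would let readers verify both values. In the unchanged context paragraph, "automatically, it required a user to fall for the phishing attempt" is a comma splice with a tense slip; "automatically; it requires a user to fall for the phishing attempt" could be fixed while this section is being touched.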