mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Merge branch '4.5' into 4
This commit is contained in:
commit
6c39962b7a
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
This release contains security patches
|
This release contains security patches
|
||||||
|
|
||||||
### CVE-2019-1935 (CVSS 7.5)
|
### CVE-2019-19325 (CVSS 7.5)
|
||||||
|
|
||||||
Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input. There is no known attack vector for extracting user-session information or credentials automatically, it required a user to fall for the phishing attempt. XSS can also be used to modify the presentation of content in malicious ways.
|
Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input. There is no known attack vector for extracting user-session information or credentials automatically, it required a user to fall for the phishing attempt. XSS can also be used to modify the presentation of content in malicious ways.
|
||||||
|
|
||||||
|
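Review bot: the description paragraph directly under the corrected heading still reads "automatically, it required a user to fall for the phishing attempt", which is a comma splice with a tense shift. Since this hunk already touches the entry, consider "automatically; it requires a user to fall for the phishing attempt". On the heading line itself, the old identifier CVE-2019-1935 differs from CVE-2019-19325 by a single digit, so it is worth searching the rest of the changelog and any advisory links for the truncated form; only this one occurrence is visible in the hunk. The visible context also describes the impact but gives no remediation or affected-version note, so a one-line pointer to the advisory under the heading would help readers act on it.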