tonyair
/
silverstripe-framework
mirror of https://github.com/silverstripe/silverstripe-framework
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #9410 from blueo/patch-1 

Update CVE number to CVE-2019-19325
This commit is contained in:
Serge Latyntsev 2020-02-19 10:15:52 +13:00 committed by GitHub
parent a9598eec3f 765810b013
commit 91f091f418
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/en/04_Changelogs/4.4.5.md
View File

@ -4,7 +4,7 @@
This release contains security patches
### CVE-2019-1935 (CVSS 7.5)
### CVE-2019-19325 (CVSS 7.5)
Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input. There is no known attack vector for extracting user-session information or credentials automatically, it required a user to fall for the phishing attempt. XSS can also be used to modify the presentation of content in malicious ways.