[CVE-2020-9311] Add public disclosure statement to changelog

docs/en/04_Changelogs/3.7.5.md

@@ -1,6 +1,7 @@
 # 3.7.5
 
 * [CVE-2019-19326 Web Cache Poisoning](#CVE-2019-19326)
+* [CVE-2020-9311 Malicious user profile information can cause login form XSS](#CVE-2020-9311)
 
 ## CVE-2019-19326 Web Cache Poisoning {#CVE-2019-19326}
 
@@ -63,6 +64,15 @@ To learn more about middleware:
 * read the [PSR-15: HTTP Server Request Handlers](https://www.php-fig.org/psr/psr-15/) standard
 * read the [Silverstripe 4 documentation about HTTP Middlewares](https://docs.silverstripe.org/en/4/developer_guides/controllers/middlewares/) standard.
 
+[Review the CVE-2019-19326 public disclosure](https://www.silverstripe.org/download/security-releases/cve-2019-19326)
+
+## CVE-2020-9311 Malicious user profile information can cause login form XSS {#CVE-2020-9311}
+
+Malicious users with a valid Silverstripe login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
+
+[Review the CVE-2020-9311 public disclosure](https://www.silverstripe.org/download/security-releases/cve-2020-9311)
+
+
 <!--- Changes below this line will be automatically regenerated -->
 
 <!--- Changes above this line will be automatically regenerated -->