tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

[CVE-2020-9311] Add public disclosure statement to changelog

Browse Source
This commit is contained in:
Maxime Rainville 2020-07-09 22:26:40 +12:00
parent 074b28cf93
commit c96e9d2fe5
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/en/04_Changelogs/3.7.5.md
View File

@ -1,6 +1,7 @@
# 3.7.5
* [CVE-2019-19326 Web Cache Poisoning](#CVE-2019-19326)
* [CVE-2020-9311 Malicious user profile information can cause login form XSS](#CVE-2020-9311)
## CVE-2019-19326 Web Cache Poisoning {#CVE-2019-19326}
@ -63,6 +64,15 @@ To learn more about middleware:
* read the [PSR-15: HTTP Server Request Handlers](https://www.php-fig.org/psr/psr-15/) standard
* read the [Silverstripe 4 documentation about HTTP Middlewares](https://docs.silverstripe.org/en/4/developer_guides/controllers/middlewares/) standard.
[Review the CVE-2019-19326 public disclosure](https://www.silverstripe.org/download/security-releases/cve-2019-19326)
## CVE-2020-9311 Malicious user profile information can cause login form XSS {#CVE-2020-9311}
Malicious users with a valid Silverstripe login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
[Review the CVE-2020-9311 public disclosure](https://www.silverstripe.org/download/security-releases/cve-2020-9311)
<!--- Changes below this line will be automatically regenerated -->
<!--- Changes above this line will be automatically regenerated -->