silverstripe-framework

tonyair/silverstripe-framework

Fork 0

mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-09-08 02:31:35 +02:00

Commit Graph

Author	SHA1	Message	Date
Maxime Rainville	5fd16cd7e1	Add 4.5.1 changelog	2020-02-17 17:47:23 +13:00
Serge Latyntcev	ad1b00ec7d	[CVE-2019-19325] XSS through non-scalar FormField attributes Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input. There is no known attack vector for extracting user-session information or credentials automatically, it required a user to fall for the phishing attempt. XSS can also be used to modify the presentation of content in malicious ways.	2020-02-17 09:58:29 +13:00

Author

SHA1

Message

Date

Maxime Rainville

5fd16cd7e1

Add 4.5.1 changelog

2020-02-17 17:47:23 +13:00

Serge Latyntcev

ad1b00ec7d

[CVE-2019-19325] XSS through non-scalar FormField attributes

Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.

2020-02-17 09:58:29 +13:00

2 Commits