Commit Graph

4 Commits

Author SHA1 Message Date
Lukas
552cf5944d
MNT Fix various typos with codespell (#10177) 2021-12-13 21:05:33 +13:00
Bernard Hamlin
765810b013
Update CVE number to CVE-2019-19325 2020-02-19 09:58:12 +13:00
Maxime Rainville
a9598eec3f Added 4.4.5 changelog 2020-02-17 14:02:57 +13:00
Serge Latyntcev
ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00