silverstripe-framework

tonyair/silverstripe-framework

Fork 0

mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-07-30 07:26:21 +02:00

Commit Graph

Author	SHA1	Message	Date
Bernard Hamlin	765810b013	Update CVE number to CVE-2019-19325	2020-02-19 09:58:12 +13:00
Maxime Rainville	a9598eec3f	Added 4.4.5 changelog	2020-02-17 14:02:57 +13:00
Serge Latyntcev	ad1b00ec7d	[CVE-2019-19325] XSS through non-scalar FormField attributes Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input. There is no known attack vector for extracting user-session information or credentials automatically, it required a user to fall for the phishing attempt. XSS can also be used to modify the presentation of content in malicious ways.	2020-02-17 09:58:29 +13:00

Author

SHA1

Message

Date

Bernard Hamlin

765810b013

Update CVE number to CVE-2019-19325

2020-02-19 09:58:12 +13:00

Maxime Rainville

a9598eec3f

Added 4.4.5 changelog

2020-02-17 14:02:57 +13:00

Serge Latyntcev

ad1b00ec7d

[CVE-2019-19325] XSS through non-scalar FormField attributes

Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.

2020-02-17 09:58:29 +13:00

3 Commits