silverstripe-framework/docs/en/02_Developer_Guides
Serge Latyntcev ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically;
it requires a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
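The commit message above describes the class of bug: attribute values that are not scalars (for example an array built from request data) reach the HTML attribute string without the same escaping that scalar values get. The following is an added illustration written for this page; it is not Silverstripe framework code and does not reproduce the project's actual fix. The function names `renderAttributesUnsafe` and `renderAttributesSafe`, and the sample request data, are constructed for the example.

```php
<?php
// Added illustration (not Silverstripe framework code): rendering HTML attributes
// whose values may be non-scalar (arrays) and may originate from request data.

/**
 * Unsafe pattern: only scalar values are HTML-escaped; arrays are JSON-encoded
 * and placed into the attribute string as-is. json_encode() backslash-escapes
 * quotes for JavaScript, not for HTML, so a " inside the array still terminates
 * the attribute when the browser parses the markup.
 */
function renderAttributesUnsafe(array $attributes): string
{
    $parts = [];
    foreach ($attributes as $name => $value) {
        if (is_scalar($value)) {
            $value = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        } else {
            $value = json_encode($value); // serialised, but never HTML-escaped
        }
        $parts[] = sprintf('%s="%s"', htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8'), $value);
    }
    return implode(' ', $parts);
}

/**
 * Hardened pattern: serialise first, then escape the resulting string for the
 * attribute context, so every value, scalar or not, passes through the same
 * HTML escaping immediately before it is written into markup.
 */
function renderAttributesSafe(array $attributes): string
{
    $parts = [];
    foreach ($attributes as $name => $value) {
        if ($value === true) {
            $value = $name;               // boolean attribute, e.g. disabled="disabled"
        } elseif ($value === false || $value === null) {
            continue;                      // omit the attribute entirely
        } elseif (!is_scalar($value)) {
            $value = json_encode($value, JSON_THROW_ON_ERROR);
        }
        $parts[] = sprintf(
            '%s="%s"',
            htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8'),
            htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8')
        );
    }
    return implode(' ', $parts);
}

// Constructed request data: an option list as a user might submit it.
$fromRequest = ['"><img src=x onerror=alert(1)>'];

$attrs = ['name' => 'Options', 'data-options' => $fromRequest];

echo '<input ' . renderAttributesUnsafe($attrs) . ">\n";
echo '<input ' . renderAttributesSafe($attrs) . ">\n";
```

Run with `php example.php` and compare the two lines. In the unsafe output the double quote that `json_encode()` emitted (preceded by a backslash, which HTML ignores) closes the `data-options` attribute early, so the `<img ... onerror=...>` that follows is parsed as a real element rather than as attribute text. In the hardened output every `"`, `<` and `>` in the serialised value is an HTML entity, so the whole JSON string stays inside the attribute. The check to carry over to your own code is that escaping must be applied to the final string form of the value, after any serialisation, and in every branch, not only the scalar one.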
00_Model Mention versioned snapshots in the versions documentation (#9057) 2019-06-16 23:52:30 +12:00
01_Templates Update docs/en/02_Developer_Guides/01_Templates/How_Tos/03_Disable_Anchor_Links.md 2019-04-16 22:32:55 +01:00
02_Controllers Merge branch '4.3' into 4.4 2019-06-10 17:32:07 +12:00
03_Forms Update path 2019-04-02 12:46:19 +13:00
04_Configuration Change rule names in array example 2018-10-11 10:12:38 -05:00
05_Extending DOC Add more clear instructions on handling upgrade conflicts (#8836) 2019-03-26 16:20:53 +13:00
06_Testing DOC Clarify testing cache behaviour changes in 4.3 2018-12-18 16:19:36 +13:00
07_Debugging DOCS Limitations of publishall 2019-04-10 10:42:49 +12:00
08_Performance DOCS Update HTTP Cache headers docs to include note about testing in dev mode [ci skip] 2019-02-22 10:16:11 +13:00
09_Security [CVE-2019-19325] XSS through non-scalar FormField attributes 2020-02-17 09:58:29 +13:00
10_Email Use environment variables in example SMTP config 2019-04-30 08:59:54 +12:00
11_Integration Update 02_RSSFeed.md 2019-03-23 13:22:37 +00:00
12_Search Removed deprecated tutorials from docs 2017-12-19 11:45:27 +13:00
13_i18n explain resource url usage for add_i18n_javascript (#8761) 2019-01-29 09:00:04 +02:00
14_Files DOCS More detail on queuedjobs file migrations 2019-06-05 15:10:09 +12:00
15_Customising_the_Admin_Interface Merge branch '4.3' into 4.4 2019-06-10 17:32:07 +12:00
16_Execution_Pipeline [CVE-2019-12246] Denial of Service on flush and development URL tools 2019-06-10 17:23:56 +12:00
17_CLI [CVE-2019-12246] Denial of Service on flush and development URL tools 2019-06-10 17:23:56 +12:00
18_Cookies_And_Sessions Update 02_Sessions.md 2018-07-21 12:27:12 +02:00
index.md Add introduction files to each of the sections 2014-12-16 11:01:13 +13:00