mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-03 06:38:51 +02:00
ad1b00ec7d
Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input. There is no known attack vector for extracting user-session information or credentials automatically, it required a user to fall for the phishing attempt. XSS can also be used to modify the presentation of content in malicious ways. |
||
|---|---|---|
| .. | ||
| _images | ||
| 00_Getting_Started | ||
| 01_Lessons | ||
| 02_Developer_Guides | ||
| 03_Upgrading | ||
| 04_Changelogs | ||
| 05_Contributing | ||
| index.md | ||