silverstripe-framework/docs/en/02_Developer_Guides/09_Security
Serge Latyntcev ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically;
it requires a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
00_Member.md DOCS Fix broken links and headers 2018-05-03 16:42:52 +01:00
01_Access_Control.md FIX Add namespaces in markdown docs (#7088) 2017-07-03 13:22:12 +12:00
02_Permissions.md Added missing Permission class to example 2019-04-17 02:36:13 +02:00
03_Authentication.md Added Name to example 2017-12-12 14:40:34 +13:00
04_Secure_Coding.md [CVE-2019-19325] XSS through non-scalar FormField attributes 2020-02-17 09:58:29 +13:00
05_Rate_Limiting.md Updated docs for Rate Limiting. 2018-03-09 08:15:11 +13:00
06_Personal_Data.md Cookie lifetime docs 2018-05-21 11:36:53 +12:00
index.md Clean up debugging documentation 2014-12-17 15:48:57 +13:00