silverstripe-framework/docs/en/04_Changelogs
Serge Latyntcev ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically;
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
_images Restructure of the docs markdown source files into more logical taxonomy 2014-12-17 15:48:35 +13:00
alpha Removed old changelogs (fixes #8035) 2018-05-30 16:07:21 +12:00
beta Added 4.2.0-beta1 changelog 2018-06-15 15:47:03 +12:00
rc Added 4.4.0-rc1 changelog 2019-05-06 15:01:01 +12:00
3.6.7.md Added 3.6.7 changelog 2019-02-19 08:35:57 +07:00
3.7.3.md Added 3.7.3 changelog 2019-02-19 08:36:17 +07:00
4.0.0.md DOCS File migration changes for 4.4.0 (#8910) 2019-04-30 08:59:25 +12:00
4.0.1.md Added 4.0.1 changelog 2017-12-07 13:46:52 +13:00
4.0.2.md Remove security releases from 4.0.1 2018-01-25 14:40:07 +13:00
4.0.3.md Added 4.0.3 changelog 2018-02-05 17:10:00 +13:00
4.0.4.md Updated 4.0.4 changelog 2018-05-24 13:51:21 +12:00
4.0.5.md Added 4.0.5 changelog 2018-11-09 11:09:07 +13:00
4.0.6.md Add changelog 2018-12-12 13:47:17 +13:00
4.0.7.md Added 4.0.7 changelog 2019-02-12 21:10:53 +13:00
4.1.0.md Removed duplicate upgrade instructions 2018-06-27 15:17:06 +12:00
4.1.1.md Added 4.1.1 changelog 2018-05-24 16:52:15 +12:00
4.1.2.md Added 4.1.2 changelog 2018-06-19 17:06:01 +12:00
4.1.3.md Added 4.1.3 changelog 2018-11-07 22:38:52 +13:00
4.1.4.md Add changelog 2018-12-12 14:11:21 +13:00
4.1.5.md Added 4.1.5 changelog 2019-02-12 20:51:18 +13:00
4.2.0.md Merge branch '4.2' into 4.3 2019-02-19 08:39:59 +07:00
4.2.1.md Added 4.2.1 changelog 2018-07-30 14:12:55 +00:00
4.2.2.md Added 4.2.2 changelog 2018-11-07 19:12:38 +13:00
4.2.3.md Add changelog 2018-12-12 14:21:23 +13:00
4.2.4.md Added 4.2.4 changelog 2019-02-19 13:43:45 +13:00
4.2.5.md Added 4.2.5 changelog 2019-06-10 22:48:57 +12:00
4.3.0.md DOC Clarify testing cache behaviour changes in 4.3 2018-12-18 16:19:36 +13:00
4.3.1.md Correct typo and commit hash in 4.3.1 changelog 2019-03-22 09:51:38 +01:00
4.3.2.md Add reference to #8815 in change log 2019-03-06 11:13:02 +13:00
4.3.3.md Added 4.3.3 changelog 2019-03-19 16:22:35 +13:00
4.3.4.md Added 4.3.4 changelog 2019-06-10 22:49:06 +12:00
4.3.5.md DOCS: Add docs for versioned files migration 2019-09-24 16:04:22 +12:00
4.3.6.md Added 4.3.6 changelog 2019-09-24 17:20:48 +12:00
4.4.0.md DOCS Remove statement about a strict error when overloading PDOQuery constructor 2019-08-09 09:16:31 +12:00
4.4.1.md Added 4.4.1 changelog 2019-06-10 17:37:24 +12:00
4.4.2.md Added 4.4.2 changelog 2019-08-12 16:08:07 +12:00
4.4.3.md DOCS: Add FileShortcodeProvider change to changelog 2019-09-24 16:03:48 +12:00
4.4.4.md Added 4.4.4 changelog 2019-09-24 17:05:26 +12:00
4.4.5.md [CVE-2019-19325] XSS through non-scalar FormField attributes 2020-02-17 09:58:29 +13:00
4.5.1.md [CVE-2019-19325] XSS through non-scalar FormField attributes 2020-02-17 09:58:29 +13:00
index.md Update index.md 2015-06-18 19:40:04 +12:00