silverstripe-framework/tests
Serge Latyntcev ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically;
it requires a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
behat Fix linting 2019-03-20 13:19:10 +13:00
bootstrap BUG Fix incorrect assets created when ASSETS_PATH !== BASE_PATH . '/assets' 2018-02-26 13:12:08 +13:00
php [CVE-2019-19325] XSS through non-scalar FormField attributes 2020-02-17 09:58:29 +13:00
bootstrap.php API Refactor bootstrap, request handling 2017-06-22 22:50:45 +12:00
dump_constants.php ENHANCEMENT Log user constants during CI for debugging improvements 2017-08-23 14:23:33 +12:00
phpcs_runner.php Apply PSR2 / Namespace to remaining admin / tests 2016-12-19 16:08:19 +13:00