In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.
silverstripe silverstripe