Silverstripe silverstripe/framework up to and including 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to true in project code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
silverstripe framework |