CVE-2017-14498

Published
View on NVD ↗
CVSS v3
N/A
CVSS v2
4.3
MEDIUM
Affected
2
PROJECTS

Description

SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017.

silverstripe/silverstripe-framework
silverstripe/silverstripe-framework
Silverstripe Framework, the MVC framework that powers Silverstripe CMS
GitHubGitHub
722
silverstripe/silverstripe-installer
silverstripe/silverstripe-installer
The installer for Silverstripe CMS and Framework. Check out this repository to start working with Silverstripe!
GitHubGitHub
169