CVE-2020-25102

Published September 3rd, 2020

View on NVD ↗

CVSS v3

6.1

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. The affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item (aka report preview) when an SVG document is provided in the Description parameter.

nyeholt/silverstripe-advancedreports

A reporting module that provides an extra level of configuration and functionality over the base silverstripe structures. Generates static output content in HTML, CSV and PDF formats

GitHub