CVE-2020-9311 Malicious user profile information can cause login form XSS

Severity: Medium

Identifier: CVE-2020-9311

Versions Affected: silverstripe/framework: ^3.0

Versions Fixed: silverstripe/framework: 3.7.5

Release Date: 2020-07-13

Malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.

Base CVSS: 4.6

CWP CVSS: 4.6

Reporter: Devi Prasad, Application Security, Ceva Logistics