CVE-2021-36150 - Insert from files link text - Reflective (self) Cross Site Scripting
- Severity: Medium
- Identifier: CVE-2021-36150
- Versions Affected: silverstripe/admin: ^1.0
- Versions Fixed: silverstripe/admin: ^1.8.1, silverstripe/admin: ^1.9.0
- Release Date: 2021-10-05
A reflective cross-site scripting (XSS) vulnerability exists: if an unwitting CMS user is tricked into pasting HTML containing script tags into a particular CMS form field, arbitrary JavaScript can be run inside the user's browser.
Base CVSS: 4.0
CWP CVSS: 4.0