CVE-2019-12205 — Cross-site Scripting in Admin

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 40.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

3

Silverstripe Admin Silverstripe Framework Silverstripe

Timeline

PublishedSep 25

Latest updateMay 24

Description

SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶Packagistsilverstripe/admin< 1.3.5

▶Packagistsilverstripe/framework3.0.0 — 4.3.5+1

▶NVDsilverstripe/silverstripe4.3.3

🔴Vulnerability Details

2

GHSA

Silverstripe Flash Clipboard Reflected XSS↗2022-05-24

▶

OSV

Silverstripe Flash Clipboard Reflected XSS↗2022-05-24

▶