CVE-2020-9311
Published 2020-07-15
Priority: P4 · 24 · medium · CVSS 3.1: 5.4
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.56% (42.2th percentile)
In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| silverstripe | cms | 0 – 4.5.0 | — |
| silverstripe | framework | >= 3.0.0 < 3.7.5 | 3.7.5 |
| silverstripe | silverstripe | >= 3.0.0 < 3.7.5 | 3.7.5 |
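CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |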
GHSA
Silverstripe CMS XSS Vulnerability
ghsa·2022-05-24
CVE-2020-9311 [MEDIUM] CWE-79 Silverstripe CMS XSS Vulnerability
OSV
Silverstripe CMS XSS Vulnerability
osv·2022-05-24
CVE-2020-9311 [MEDIUM] Silverstripe CMS XSS Vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.