SS-2013-007: XSS in CMS "Security" section

Severity: Low (?)
Identifier: SS-2013-007
Versions Affected: 3.1.0
Versions Fixed: 3.1.0-rc3
Release Date: 2013-09-24

Certain fields in the "Groups" and "Roles" listings of the "Security" section are vulnerable to persistent cross-site scripting. This form of attack requires a CMS login by a malicious third party, and can lead to authenticated requests being executed on behalf of the victim CMS user.

Reported by Vulnerability Laboratory Evolution
