CVE-2021-36150 - Insert from files link text - Reflective (self) Cross Site Scripting

Severity: Medium
Identifier: CVE-2021-36150
Versions Affected: silverstripe/admin: ^1.0
Versions Fixed: silverstripe/admin: ^1.8.1, silverstripe/admin: ^1.9.0
Release Date: 2021-10-05

A reflective cross-site scripting vulnerability exists: if an unwitting CMS user is tricked into pasting HTML containing script tags into a particular CMS form field, arbitrary JavaScript can be run inside the user's browser.

Base CVSS: 4.0

CWP CVSS: 4.0

Reporters: Anonymous disclosure