CVE-2026-54720 XSS attack through media embed

Severity: Medium
Identifier: CVE-2026-54720
Versions Affected: silverstripe/framework: < 6.2.2
Versions Fixed: silverstripe/framework: 6.2.2
Release Date: 2026-06-24

The "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed.

Base CVSS: 5.4
Reported by: Jack Wallace from Bastion Security