SS-2013-009: XSS in CMS "Pages" section
- Low (?)
- Versions Affected:
- Versions Fixed:
- Release Date:
The "Insert Link" dropdown and "Dependent Pages" list in the "Pages" CMS section are vulnerable to persistent cross-site scripting, through the SiteTree.Title attribute. This form of attack requires a CMS login by a malicious third party, and can lead to executing authenticated requests on behalf of the CMS user victim.