
CVE-2019-19325

Date: February 17, 2020
SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input.
Language: PHP
Top Fix

Upgrade Version
Upgrade silverstripe/framework to one of the following versions: 3.7.x-dev, 4.4.x-dev, 4.4.5, 3.5.x-dev, 3.7.5, 3.6.x-dev, 4.2.x-dev, 4.3.x-dev, 4.5.2, 4.5.x-dev, 3.x-dev, 4.x-dev
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |
CVSS v2
Base Score: | |
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | MEDIUM |
Authentication (AU): | NONE |
Confidentiality (C): | NONE |
Integrity (I): | PARTIAL |
Availability (A): | NONE |
Additional information: |