In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| silverstripe/cms (Packagist) | 0 | N/A | N/A |
| silverstripe/framework (Packagist) | 3.0.0 | 3.7.5 | N/A |
CVSS Metrics