Moderate severityNVD Advisory· Published Jul 15, 2020· Updated Aug 4, 2024
CVE-2020-9311
CVE-2020-9311
Description
In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
silverstripe/cmsPackagist | <= 4.5.0 | — |
silverstripe/frameworkPackagist | >= 3.0.0, < 3.7.5 | 3.7.5 |
Affected products
4- SilverStripe/SilverStripe CMSdescription
- osv-coords3 versions
>= 3.0.0, < 3.7.5+ 2 more
- (no CPE)range: >= 3.0.0, < 3.7.5
- (no CPE)range: <= 4.5.0
- (no CPE)range: >= 3.0.0, < 3.7.5
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-2pw2-qpcp-m47xghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-9311ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yamlghsaWEB
- www.silverstripe.org/download/security-releases/CVE-2020-9311ghsax_refsource_CONFIRMWEB
- www.silverstripe.org/download/security-releases/cve-2020-9311ghsaWEB
News mentions
0No linked articles in our index yet.