PT-2025-15980 · Silverstripe · Silverstripe Elemental
Emteknetnz
·
Publicado
2025-04-10
·
Atualizado
2025-04-10
·
CVE-2025-25197
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Silverstripe Elemental versions prior to 5.3.12
Description:
The issue arises from the failure to cast input prior to including it in the grid field, allowing an elemental block to include an XSS payload. This payload can be executed when viewing the "Content blocks in use" report. The vulnerability is specific to this report.
Recommendations:
For versions prior to 5.3.12, update to version 5.3.12 to resolve the issue. As a temporary workaround, consider restricting access to the "Content blocks in use" report until the update is applied.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Silverstripe Elemental