Silverstripe · Silverstripe · CVE-2019-19325
**Name of the Vulnerable Software and Affected Versions**
SilverStripe versions 4.4.x through 4.4.4
SilverStripe versions 4.5.x through 4.5.1
**Description**
The issue allows reflected cross-site scripting (XSS) on the login form and custom forms. Silverstripe Forms permit malicious HTML or JavaScript to be inserted through non-scalar `FormField` attributes, enabling XSS on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input.
**Recommendations**
For SilverStripe versions 4.4.x through 4.4.4, update to version 4.4.5 or later.
For SilverStripe versions 4.5.x through 4.5.1, update to version 4.5.2 or later.
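
A lock-file check for the version ranges listed above, as an added example that is not part of the advisory or of Silverstripe's own tooling. It assumes the affected code ships in the Composer package `silverstripe/framework` and that the project's `composer.lock` is available; the sample lock content is constructed.

```python
import json
import re

# First fixed patch release per release line, as stated in the advisory above.
FIXED_PATCH = {(4, 4): 5, (4, 5): 2}

# Assumption: the affected code is delivered by this Composer package.
PACKAGE = "silverstripe/framework"


def classify(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unknown' for a version string."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?", version.strip())
    if not m:
        return "unknown"  # branch aliases such as 4.4.x-dev cannot be compared
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return "not-listed"  # release line the advisory does not mention
    if patch < fixed:
        return "affected"
    if patch == fixed and m.group(4):
        return "unknown"  # pre-release of the fixed version: verify by hand
    return "fixed"


def audit_lock(lock_text):
    """Locate PACKAGE in composer.lock content and classify its locked version."""
    lock = json.loads(lock_text)
    packages = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    for pkg in packages:
        if pkg.get("name") == PACKAGE:
            version = pkg.get("version", "")
            return version, classify(version)
    return None, "not-installed"


# Constructed sample input standing in for a real composer.lock.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "silverstripe/framework", "version": "4.5.1"},
        {"name": "silverstripe/cms", "version": "4.5.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(audit_lock(SAMPLE_LOCK))
```

A result of `not-listed` or `unknown` means the advisory's ranges cannot decide the case, not that the install is safe.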