
Ingo Schommer

Researcher from Silverstripe Ltd.
#21133 of 53,633
11.8 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2020-20568
7.5
2020-04-15
Silverstripe · Silverstripe · CVE-2020-9280
**Name of the Vulnerable Software and Affected Versions**
SilverStripe versions prior to 4.6

**Description**
The issue affects files uploaded via Forms to folders migrated from Silverstripe CMS 3.x, where they may be put in the default "/Uploads" folder instead of the intended location. This impacts installations that had upload folder protection enabled via the silverstripe/secureassets module under 3.x, which is installed and enabled by default on the Common Web Platform (CWP). The issue only affects files uploaded after an upgrade to 4.x.

**Recommendations**
For SilverStripe versions prior to 4.6, update to version 4.6 or later to resolve the issue.

PT-2012-1338
4.3
2012-08-26
Silverstripe · Silverstripe · CVE-2010-5095
**Name of the Vulnerable Software and Affected Versions**
SilverStripe versions 2.3.x through 2.3.5

**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via vectors related to DataObjectSet pagination.

**Recommendations**
For versions 2.3.x through 2.3.5, update to version 2.3.6 or later to resolve the issue.