PT-2024-40027 · Silverstripe · Silverstripe Cms

Published

2024-05-23

·

Updated

2024-05-23

CVSS v3.1

4.3

Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Silverstripe CMS (affected versions not specified)

Description: Insufficient CSRF protection in GridField allows an external website to trick a user who is logged in to the CMS into submitting unspecified data through GridField actions. Because GridField backs the management of groups, users and permissions in the CMS, those administrative areas are affected.

Recommendations: For the affected versions, ensure that every gridFieldAlterAction submission is validated against the SecurityID token (the CSRF token issued by Silverstripe's Form class) before the action is performed, and consult the linked GitHub advisory for affected and patched releases.
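The check the recommendation describes, as an added example that is not Silverstripe's own code or the project's actual fix: a hypothetical GridField subclass (the class name and namespace are assumptions) that verifies the SecurityID token with Silverstripe's SecurityToken API before handing the request to the stock gridFieldAlterAction implementation. The 400 status code is an illustrative choice.

```php
<?php
// Added example, not part of the Silverstripe code base. The class name and
// namespace are hypothetical; the SecurityToken, GridField and
// HTTPResponse_Exception classes are Silverstripe's own.

namespace App\Forms;

use SilverStripe\Control\HTTPRequest;
use SilverStripe\Control\HTTPResponse_Exception;
use SilverStripe\Forms\GridField\GridField;
use SilverStripe\Security\SecurityToken;

class CsrfCheckedGridField extends GridField
{
    /**
     * All state-changing GridField actions are routed through this method,
     * so it is the single place where a missing or wrong CSRF token can be
     * rejected before any handler runs.
     */
    public function gridFieldAlterAction($data, $form, HTTPRequest $request)
    {
        $token = SecurityToken::inst();

        // checkRequest() reads the SecurityID request variable and compares it
        // with the token stored in the current session. A forged cross-site
        // request cannot know that value, so it fails here.
        if ($token->isEnabled() && !$token->checkRequest($request)) {
            throw new HTTPResponse_Exception(
                'Missing or invalid SecurityID token for GridField action',
                400
            );
        }

        // Token is valid: delegate to the normal GridField action handling.
        return parent::gridFieldAlterAction($data, $form, $request);
    }
}
```

The check only helps if the form that hosts the GridField actually carries the token; SecurityID is emitted by default for Form instances, so make sure no code path calls disableSecurityToken() on the form that wraps the GridField, and confirm with a test that a submission without the field is rejected while an identical submission with the session's token is accepted.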

Fix

CSRF

Weakness Enumeration

Related Identifiers

GHSA-2HPC-MF4Q-J885

Affected Products

Silverstripe Cms