Name of the Vulnerable Software and Affected Versions Silverstripe CMS (affected versions not specified)

Description A cross-site scripting issue has been found in the TreeDropdownField and TreeMultiSelectField. This can be exploited if a user with CMS access posts malicious or unescaped HTML into data objects used by these fields. The issue is resolved by safely encoding the content of data objects used as data sources.

Recommendations For the affected versions, ensure that all data objects used as a data source for the TreeDropdownField and TreeMultiSelectField have their content safely encoded to prevent exploitation.