QwikSec

Security Database

CVE

CWE

Training

CVE-2017-14498

Published: Sep 15, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://lists.openwall.net/full-disclosure/2017/09/14/2

x_refsource_MISC

https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a

x_refsource_MISC

https://docs.silverstripe.org/en/3/changelogs/3.6.1

x_refsource_MISC

https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.