CVE-2020-9311: Cross-site Scripting

July 15, 2020 (updated July 22, 2020)

In SilverStripe, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.

References

nvd.nist.gov/vuln/detail/CVE-2020-9311
www.silverstripe.org/download/security-releases/CVE-2020-9311

Code Behaviors & Features

Detect and mitigate CVE-2020-9311 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →