silverstripe/admin Security Advisories for 1.5.0-rc2 (5)
-
[MEDIUM] CVE-2023-49783 No permission checks for editing or deleting records with CSV import form
PKSA-ms6r-5yrz-36rx CVE-2023-49783 GHSA-j3m6-gvm8-mhvw
Affected version: >=1.0.0,<1.13.19|>=2.0.0,<2.1.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] SS-2023-002 - Cross-site scripting (XSS) vulnerabilities inherited form TinyMCE
PKSA-dfr9-j5tz-nqsk GHSA-jxcx-3h54-qqxx
Affected version: >=1.0.0,<1.13.6
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] SS-2023-001 - XSS vulnerability in underlying TinyMCE library
PKSA-y8bg-mk3d-wx3s GHSA-4q66-g4mm-8rg5
Affected version: >=1.0.0,<1.12.7
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2022-38146 - URL XSS vulnerability due to outdated jquery in CMS
PKSA-cft2-kzgn-t4w3 CVE-2022-38146 GHSA-44xv-v98g-v79f
Affected version: >=1.0.0,<1.11.3
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2021-36150 - Insert from files link text - Reflective (self) Cross Site Scripting
PKSA-zmvy-dmwz-zrvp CVE-2021-36150 GHSA-j66h-cc96-c32q
Affected version: >=1.0.0,<1.8.1
Reported by:
GitHub, FriendsOfPHP/security-advisories