silverstripe/admin Security Advisories for 1.9.0-beta1 (4)
- [MEDIUM] CVE-2023-49783 No permission checks for editing or deleting records with CSV import form
PKSA-ms6r-5yrz-36rx CVE-2023-49783 GHSA-j3m6-gvm8-mhvw
Affected version: >=1.0.0,<1.13.19|>=2.0.0,<2.1.8
Reported by:
GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] SS-2023-002 - Cross-site scripting (XSS) vulnerabilities inherited from TinyMCE
PKSA-dfr9-j5tz-nqsk GHSA-jxcx-3h54-qqxx
Affected version: >=1.0.0,<1.13.6
Reported by:
GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] SS-2023-001 - XSS vulnerability in underlying TinyMCE library
PKSA-y8bg-mk3d-wx3s GHSA-4q66-g4mm-8rg5
Affected version: >=1.0.0,<1.12.7
Reported by:
GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] CVE-2022-38146 - URL XSS vulnerability due to outdated jquery in CMS
PKSA-cft2-kzgn-t4w3 CVE-2022-38146 GHSA-44xv-v98g-v79f
Affected version: >=1.0.0,<1.11.3
Reported by:
GitHub, FriendsOfPHP/security-advisories