Daniel Hensby

2 exploits Active since Sep 2017
CVE-2017-14498 WRITEUP MEDIUM WRITEUP
SilverStripe CMS < 3.6.1 - Cross-Site Scripting via SVG Upload
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017.
CVSS 6.1
CVE-2017-14498 WRITEUP MEDIUM WRITEUP
SilverStripe CMS < 3.6.1 - Cross-Site Scripting via SVG Upload
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017.
CVSS 6.1