Description
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm.
Remediation
References
Related Vulnerabilities
WordPress Plugin MW WP Form Arbitrary File Deletion (5.0.3)
WordPress 'post.php' Cross-Site Scripting Vulnerability (1.5)
WordPress Plugin Infusionsoft Gravity Forms Add-on Arbitrary File Upload (1.5.10)
WordPress Plugin Passster-Password Protection Cross-Site Scripting (3.5.5.7)
Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-7874)