Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14272)

Description

In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.

Remediation

References

Related Vulnerabilities

PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-15160)

Oracle Database Server CVE-2008-1818 Vulnerability (CVE-2008-1818)

concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6905)

WordPress Plugin Crisp Live Chat Cross-Site Request Forgery (0.31)

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-4613)

Severity

Medium

Classification

CVE-2019-14272 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities