Description In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS. Remediation References CVE-2019-14272 Related Vulnerabilities phpMyFAQ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-27299) Sqlite Out-of-bounds Read Vulnerability (CVE-2021-31239) Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5508) WordPress Plugin W4 Post List Multiple Vulnerabilities (2.4.5) WordPress Plugin Flickr Justified Gallery Cross-Site Scripting (3.3.6) Severity Medium Classification CVE-2019-14272 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities