silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. The affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item (aka report preview) when an SVG document is provided in the Description parameter.
References
Link | Resource |
---|---|
https://gist.github.com/ahpaleus/c3bd2d41d306544ca3158569335d12f2 | Exploit Third Party Advisory |
https://github.com/nyeholt/silverstripe-advancedreports/releases | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-09-03T16:35:21
Updated: 2020-09-03T16:35:21
Reserved: 2020-09-03T00:00:00
Link: CVE-2020-25102
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-09-03T17:15:11.537
Modified: 2020-09-10T14:46:52.493
Link: CVE-2020-25102
JSON object: View
Redhat Information
No data.
CWE