Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
SilverStripe through 4.6.0-rc1 has an XXE vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user-submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. (The correct CVE ID year is 2020 [CVE-2020-25817, not CVE-2021-25817]).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SilverStripe Code Issue Vulnerability
Vulnerability Description
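Silverstripe SilverStripe is an open-source programming framework and content management system (CMS) from the New Zealand company SilverStripe (Silverstripe). The system features multi-language support and cross-platform operation. SilverStripe 4.6.0-rc1 contains a security vulnerability: when this developer utility is misused for purposes involving external or user-submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through the custom code.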
CVSS Information
N/A
Vulnerability Type
N/A