The following is the key vulnerability information from the web page screenshot, presented concisely in Markdown format:

# Security Releases

## SS-2025-001: User enumeration via timing attack

- Severity: Medium
- Affected Versions: SilverStripe framework: <5.3.23
- Fixed Versions: SilverStripe framework: 5.3.23
- Release Date: 2025-04-10
- Base CVSS: 5.3
- Description: User enumeration is possible by performing a timing attack on the login or password reset pages with user credentials.

## CVE-2025-30148: XSS vulnerability in HTML editor

- Severity: Medium
- Affected Versions: SilverStripe framework: <5.3.23
- Fixed Versions: SilverStripe framework: 5.3.23
- Release Date: 2025-04-10
- Base CVSS: 5.4
- Description: A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site.

## CVE-2025-25197: XSS attack in elemental "Content blocks in use" report

- Severity: Medium
- Affected Versions: dnadesign/silverstripe-elemental: <5.3.12
- Fixed Versions: dnadesign/silverstripe-elemental: 5.3.12
- Release Date: 2025-04-10
- Base CVSS: 5.4
- Description: An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report.

This information mainly covers each vulnerability's severity, affected versions, fixed versions, release date, CVSS score and description.