silverstripe/admin Security Advisories for 1.12.5 (3)
-
[MEDIUM] CVE-2023-49783 No permission checks for editing or deleting records with CSV import form
PKSA-ms6r-5yrz-36rx CVE-2023-49783 GHSA-j3m6-gvm8-mhvw
Affected version: >=1.0.0,<1.13.19|>=2.0.0,<2.1.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] SS-2023-002 - Cross-site scripting (XSS) vulnerabilities inherited form TinyMCE
PKSA-dfr9-j5tz-nqsk GHSA-jxcx-3h54-qqxx
Affected version: >=1.0.0,<1.13.6
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] SS-2023-001 - XSS vulnerability in underlying TinyMCE library
PKSA-y8bg-mk3d-wx3s GHSA-4q66-g4mm-8rg5
Affected version: >=1.0.0,<1.12.7
Reported by:
GitHub, FriendsOfPHP/security-advisories