Silverstripe Asset Admin
Approved changes feed: RSS · Atom
cpe:2.3:a:silverstripe:silverstripe-asset-admin:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Silverstripe (fb3ee4e6-70c4-5017-82a7-81441bb33bd1) |
|---|---|
| Product | Silverstripe Asset Admin (7e8bb04f-0f16-5985-9fa6-73ba20985228) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-47605 |
vulnerable | 2026-06-03 14:57:02.040376 |
Cross-site Scripting via insert media remote file oembed in silverstripe-asset-admin
MEDIUM (5.4)
silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2025-01-14T22:42:31.153Z
Updated: 2025-01-15T14:53:56.830Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.