CVE-2019-19325 — MEDIUM (6.1)

Q: How severe is CVE-2019-19325?

CVE-2019-19325 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-19325?

Check the references section above for vendor advisories and patch information. Affected products include: Silverstripe Silverstripe.

Vulnerability Description

SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Silverstripe	Silverstripe	>= 4.4.0, < 4.4.5

Related Weaknesses (CWE)

CWE-79

References

https://www.silverstripe.org/download/security-releases/cve-2019-19325Vendor Advisory
https://www.silverstripe.org/download/security-releases/cve-2019-19325Vendor Advisory

FAQ

What is CVE-2019-19325?

CVE-2019-19325 is a vulnerability with a CVSS score of 6.1 (MEDIUM). SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non...

How severe is CVE-2019-19325?

CVE-2019-19325 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-19325?

Check the references section above for vendor advisories and patch information. Affected products include: Silverstripe Silverstripe.