Skip to main content

Silverstripe Framework

1 CVEs product

Monthly

CVE-2026-54720 MEDIUM PATCH This Month

Cross-site scripting in Silverstripe Framework's 'Insert media from web' CMS feature allows a remote unauthenticated attacker to inject malicious JavaScript by supplying a specially crafted embed URL that a CMS editor then inserts into content. All Silverstripe Framework installations prior to version 6.2.2 are affected. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, but the low attack complexity and network accessibility make it a credible risk for any deployment where CMS editors process externally sourced media.

XSS PHP Silverstripe Framework
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting in Silverstripe Framework's 'Insert media from web' CMS feature allows a remote unauthenticated attacker to inject malicious JavaScript by supplying a specially crafted embed URL that a CMS editor then inserts into content. All Silverstripe Framework installations prior to version 6.2.2 are affected. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, but the low attack complexity and network accessibility make it a credible risk for any deployment where CMS editors process externally sourced media.

XSS PHP Silverstripe Framework
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy