MEDIUM
Silverstripe
CVE published 2017-03-06
CVE-2017-5197
CVE-2017-5197 is a cross-site scripting issue in SilverStripe CMS affecting page-name handling. The vulnerability is described as reachable over the network and requiring user interaction, with an attacker able to influence a page name so that script executes in a victim’s browser context. The published advisory says the issue is fixed in SilverStripe CMS 3.4.4 and 3.5.2, and gives a malformed SVG/event-h [truncated]