SS-2017-003: XSS in RedirectorPage

24 views
Skip to first unread message

Patrick Nelson

unread,
Jun 2, 2017, 2:58:33 PM6/2/17
to silverst...@googlegroups.com
Just to clarify for this particular issue: This only affects authenticated users who are editing this object, correct? Just to make sure. 




- Patrick Nelson
Sent from my phone.

Begin forwarded message:

From: silverstri...@googlegroups.com
Date: June 2, 2017 at 9:31:25 AM PDT
To: Abridged recipients <silverstri...@googlegroups.com>
Subject: Abridged summary of silverstri...@googlegroups.com - 1 update in 1 topic
Reply-To: silverstri...@googlegroups.com

Damian Mooyman <dam...@silverstripe.com>: Jun 01 07:42PM -0700

Patch releases 3.4.6 and 3.5.4 have been released. In addition, 3.6.0 has
been released, and introduces support for PHP 7.
 
These releases include some low-severity security fixes. These include: ...more
You received this digest because you're subscribed to updates for this group. You can change your settings on the group membership page.
To unsubscribe from this group and stop receiving emails from it send an email to silverstripe-ann...@googlegroups.com.

Daniel Hensby

unread,
Jun 5, 2017, 3:56:52 PM6/5/17
to SilverStripe Core Development
Yes, this is just a vulnerability if you have malicious CMS users and/or a compromised CMS user account.

Regards,
Dan


On Friday, 2 June 2017 19:58:33 UTC+1, Patrick Nelson wrote:
Just to clarify for this particular issue: This only affects authenticated users who are editing this object, correct? Just to make sure. 




- Patrick Nelson
Sent from my phone.

Begin forwarded message:

From: silverstri...@googlegroups.com
Date: June 2, 2017 at 9:31:25 AM PDT
To: Abridged recipients <silverstri...@googlegroups.com>
Subject: Abridged summary of silverstri...@googlegroups.com - 1 update in 1 topic
Reply-To: silverstri...@googlegroups.com

Damian Mooyman <dam...@silverstripe.com>: Jun 01 07:42PM -0700

Patch releases 3.4.6 and 3.5.4 have been released. In addition, 3.6.0 has
been released, and introduces support for PHP 7.
 
These releases include some low-severity security fixes. These include: ...more
You received this digest because you're subscribed to updates for this group. You can change your settings on the group membership page.
To unsubscribe from this group and stop receiving emails from it send an email to silverstripe-announce+unsub...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages