SS-2017-003: XSS in RedirectorPage

24 views

Skip to first unread message

Patrick Nelson

unread,

Jun 2, 2017, 2:58:33 PM6/2/17

to silverst...@googlegroups.com

Just to clarify for this particular issue: This only affects authenticated users who are editing this object, correct? Just to make sure.

- Patrick Nelson

Sent from my phone.

Begin forwarded message:

From: silverstri...@googlegroups.com
Date: June 2, 2017 at 9:31:25 AM PDT
To: Abridged recipients <silverstri...@googlegroups.com>
Subject: Abridged summary of silverstri...@googlegroups.com - 1 update in 1 topic
Reply-To: silverstri...@googlegroups.com

silverstri...@googlegroups.com Google Groups

Today's topic summary
View all topics

SilverStripe Security Releases: 3.4.6, 3.5.4, 3.6.0 - 1 Update

SilverStripe Security Releases: 3.4.6, 3.5.4, 3.6.0

Damian Mooyman <dam...@silverstripe.com>: Jun 01 07:42PM -0700

Patch releases 3.4.6 and 3.5.4 have been released. In addition, 3.6.0 has
been released, and introduces support for PHP 7.

These releases include some low-severity security fixes. These include: ...more

Back to top

You received this digest because you're subscribed to updates for this group. You can change your settings on the group membership page.
To unsubscribe from this group and stop receiving emails from it send an email to silverstripe-ann...@googlegroups.com.

Daniel Hensby

unread,

Jun 5, 2017, 3:56:52 PM6/5/17

to SilverStripe Core Development

Yes, this is just a vulnerability if you have malicious CMS users and/or a compromised CMS user account.

Regards,

Dan

On Friday, 2 June 2017 19:58:33 UTC+1, Patrick Nelson wrote:

Just to clarify for this particular issue: This only affects authenticated users who are editing this object, correct? Just to make sure.

- Patrick Nelson
Sent from my phone.

Begin forwarded message:

From: silverstri...@googlegroups.com
Date: June 2, 2017 at 9:31:25 AM PDT
To: Abridged recipients <silverstri...@googlegroups.com>
Subject: Abridged summary of silverstri...@googlegroups.com - 1 update in 1 topic
Reply-To: silverstri...@googlegroups.com

silverstripe-announce@googlegroups.com Google Groups

Today's topic summary
View all topics

SilverStripe Security Releases: 3.4.6, 3.5.4, 3.6.0 - 1 Update

SilverStripe Security Releases: 3.4.6, 3.5.4, 3.6.0

Damian Mooyman <dam...@silverstripe.com>: Jun 01 07:42PM -0700

Patch releases 3.4.6 and 3.5.4 have been released. In addition, 3.6.0 has
been released, and introduces support for PHP 7.

These releases include some low-severity security fixes. These include: ...more

Back to top

You received this digest because you're subscribed to updates for this group. You can change your settings on the group membership page.

To unsubscribe from this group and stop receiving emails from it send an email to silverstripe-announce+unsub...@googlegroups.com.

Reply all

Reply to author

Forward

0 new messages