silverstripe/admin Security Advisories for 1.13.0 (2)
-
[MEDIUM] CVE-2023-49783 No permission checks for editing or deleting records with CSV import form
PKSA-ms6r-5yrz-36rx CVE-2023-49783 GHSA-j3m6-gvm8-mhvw
Affected version: >=1.0.0,<1.13.19|>=2.0.0,<2.1.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] SS-2023-002 - Cross-site scripting (XSS) vulnerabilities inherited form TinyMCE
PKSA-dfr9-j5tz-nqsk GHSA-jxcx-3h54-qqxx
Affected version: >=1.0.0,<1.13.6
Reported by:
GitHub, FriendsOfPHP/security-advisories