Merge pull request #691 from creative-commoners/pulls/master/CVE-2023…

…-32302-and-SS-2023-002 Add Silverstripe CMS advisories SS-2023-002 and CVE-2023-32302
FriendsOfPHP · Aug 23, 2023 · be0976e · be0976e
2 parents 83715a6 + ccbfb3c
commit be0976e
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/silverstripe/admin/SS-2023-002.yaml b/silverstripe/admin/SS-2023-002.yaml
@@ -0,0 +1,8 @@
+title:     "SS-2023-002 - Cross-site scripting (XSS) vulnerabilities inherited form TinyMCE"
+link:      https://www.silverstripe.org/download/security-releases/SS-2023-002
+cve:       ~
+branches:
+    1.13.x:
+        time:     2023-07-30 23:41:51
+        versions: ['>=1.0.0', '<1.13.6']
+reference: composer://silverstripe/admin
diff --git a/silverstripe/framework/CVE-2023-32302.yaml b/silverstripe/framework/CVE-2023-32302.yaml
@@ -0,0 +1,11 @@
+title:     "CVE-2023-32302 - Members with no password can be created and bypass custom login forms"
+link:      https://www.silverstripe.org/download/security-releases/CVE-2023-32302
+cve:       CVE-2023-32302
+branches:
+    4.13.x:
+        time:     2023-07-30 23:39:57
+        versions: ['>=3.0.0', '<4.13.14']
+    5.0.x:
+        time:     2023-07-31 00:15:08
+        versions: ['>=5.0.0', '<5.0.13']
+reference: composer://silverstripe/framework