https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 08 May 2026 23:42:10 +0000 https://vulnerability.circl.lu/sighting/3b2b9efd-dc2d-4123-8ac0-934d55a64542/export {"uuid": "3b2b9efd-dc2d-4123-8ac0-934d55a64542", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-7CMP-CGG8-4C82", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1634", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-47605\n\ud83d\udd39 Description: silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the \"insert media\" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2025-01-14T22:42:31.153Z\n\ud83d\udccf Modified: 2025-01-14T22:45:00.758Z\n\ud83d\udd17 References:\n1. https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82\n2. https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a\n3. https://www.silverstripe.org/download/security-releases/cve-2024-47605", "creation_timestamp": "2025-01-14T23:09:18.000000Z"} {"uuid": "3b2b9efd-dc2d-4123-8ac0-934d55a64542", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-7CMP-CGG8-4C82", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1634", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-47605\n\ud83d\udd39 Description: silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the \"insert media\" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2025-01-14T22:42:31.153Z\n\ud83d\udccf Modified: 2025-01-14T22:45:00.758Z\n\ud83d\udd17 References:\n1. https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82\n2. https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a\n3. https://www.silverstripe.org/download/security-releases/cve-2024-47605", "creation_timestamp": "2025-01-14T23:09:18.000000Z"} https://vulnerability.circl.lu/sighting/3b2b9efd-dc2d-4123-8ac0-934d55a64542/export Tue, 14 Jan 2025 23:09:18 +0000