Add CVE details for January 2025 Silverstripe CMS patches

FriendsOfPHP · Jan 14, 2025 · a44e21c · a44e21c
1 parent 0386c23
commit a44e21c
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/silverstripe/framework/CVE-2024-47605.yaml b/silverstripe/framework/CVE-2024-47605.yaml
@@ -0,0 +1,8 @@
+title:     "CVE-2024-47605 - XSS via insert media remote file oembed"
+link:      https://www.silverstripe.org/download/security-releases/cve-2024-47605
+cve:       CVE-2024-47605
+branches:
+    5.3.x:
+        time:     2025-01-14 21:24:19
+        versions: ['<5.3.8']
+reference: composer://silverstripe/framework
diff --git a/silverstripe/framework/CVE-2024-53277.yaml b/silverstripe/framework/CVE-2024-53277.yaml
@@ -0,0 +1,8 @@
+title:     "CVE-2024-53277 - XSS in form messages"
+link:      https://www.silverstripe.org/download/security-releases/cve-2024-53277
+cve:       CVE-2024-53277
+branches:
+    5.3.x:
+        time:     2025-01-14 21:24:36
+        versions: ['<5.3.8']
+reference: composer://silverstripe/framework
diff --git a/silverstripe/framework/SS-2024-002.yaml b/silverstripe/framework/SS-2024-002.yaml
@@ -0,0 +1,8 @@
+title:     "SS-2024-002 - Reflected Cross Site Scripting (XSS) in error message"
+link:      https://www.silverstripe.org/download/security-releases/ss-2024-002
+cve:       ~
+branches:
+    5.3.x:
+        time:     2025-01-14 21:23:51
+        versions: ['<5.3.8']
+reference: composer://silverstripe/framework