From a44e21c568b9bb359db468d9c17411fab44fb632 Mon Sep 17 00:00:00 2001
From: Guy Sartorelli
Date: Wed, 15 Jan 2025 11:48:15 +1300
Subject: [PATCH] Add CVE details for January 2025 Silverstripe CMS patches
---
silverstripe/framework/CVE-2024-47605.yaml | 8 ++++++++
silverstripe/framework/CVE-2024-53277.yaml | 8 ++++++++
silverstripe/framework/SS-2024-002.yaml | 8 ++++++++
3 files changed, 24 insertions(+)
create mode 100644 silverstripe/framework/CVE-2024-47605.yaml
create mode 100644 silverstripe/framework/CVE-2024-53277.yaml
create mode 100644 silverstripe/framework/SS-2024-002.yaml
diff --git a/silverstripe/framework/CVE-2024-47605.yaml b/silverstripe/framework/CVE-2024-47605.yaml
new file mode 100644
index 000000000..3b31b7426
--- /dev/null
+++ b/silverstripe/framework/CVE-2024-47605.yaml
@@ -0,0 +1,8 @@
+title: "CVE-2024-47605 - XSS via insert media remote file oembed"
+link: https://www.silverstripe.org/download/security-releases/cve-2024-47605
+cve: CVE-2024-47605
+branches:
+ 5.3.x:
+ time: 2025-01-14 21:24:19
+ versions: ['<5.3.8']
+reference: composer://silverstripe/framework
diff --git a/silverstripe/framework/CVE-2024-53277.yaml b/silverstripe/framework/CVE-2024-53277.yaml
new file mode 100644
index 000000000..0f60b5b86
--- /dev/null
+++ b/silverstripe/framework/CVE-2024-53277.yaml
@@ -0,0 +1,8 @@
+title: "CVE-2024-53277 - XSS in form messages"
+link: https://www.silverstripe.org/download/security-releases/cve-2024-53277
+cve: CVE-2024-53277
+branches:
+ 5.3.x:
+ time: 2025-01-14 21:24:36
+ versions: ['<5.3.8']
+reference: composer://silverstripe/framework
diff --git a/silverstripe/framework/SS-2024-002.yaml b/silverstripe/framework/SS-2024-002.yaml
new file mode 100644
index 000000000..0d242a3aa
--- /dev/null
+++ b/silverstripe/framework/SS-2024-002.yaml
@@ -0,0 +1,8 @@
+title: "SS-2024-002 - Reflected Cross Site Scripting (XSS) in error message"
+link: https://www.silverstripe.org/download/security-releases/ss-2024-002
+cve: ~
+branches:
+ 5.3.x:
+ time: 2025-01-14 21:23:51
+ versions: ['<5.3.8']
+reference: composer://silverstripe/framework
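Review bot: The `versions: ['<5.3.8']` constraint under `5.3.x` has no lower bound, and the same open range is used in CVE-2024-47605.yaml and CVE-2024-53277.yaml in this patch. Any tool that matches installed packages against these entries will therefore report every silverstripe/framework release below 5.3.8 as affected, including older major lines for which 5.3.8 may not be a reachable upgrade. If the linked advisories give a first affected release, the entries should carry it, e.g. `versions: ['>=<FIRST_AFFECTED_VERSION>', '<5.3.8']` with the value taken from the advisory; if every earlier release really is affected, the open range is correct and a short comment saying so would help later maintainers. Separately, any older release line that received its own fix would need its own key under `branches:`.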