CVE-2026-54720
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk18th percentile — higher than 18% of all known CVEs
Summary
In Silverstripe Framework prior to version 6.2.2, the 'Insert media from web' functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2.
Risk Assessment
An attacker can inject malicious script through embedded media, potentially leading to session theft, account takeover, or data leakage within the organization.
Recommendation
Immediately upgrade Silverstripe Framework to version 6.2.2 or later to eliminate the XSS vulnerability.
Original NVD description (English source)
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/

