CVE Catalog

CVE-2026-54720

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

18th percentile — higher than 18% of all known CVEs

Summary

In Silverstripe Framework prior to version 6.2.2, the 'Insert media from web' functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2.

Risk Assessment

An attacker can inject malicious script through embedded media, potentially leading to session theft, account takeover, or data leakage within the organization.

Recommendation

Immediately upgrade Silverstripe Framework to version 6.2.2 or later to eliminate the XSS vulnerability.

Original NVD description (English source)

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/

Vulnerability data from NVD (NIST) · CISA KEV · EPSS