XSS Vulnerability in Silverstripe CMS by Silverstripe
CVE-2026-54720

5.4 MEDIUM

Key Information:

Vendor
CVE Published: 1 July 2026

What is CVE-2026-54720?

The Silverstripe Framework, which powers the Silverstripe CMS, is susceptible to Cross-Site Scripting (XSS) via its 'Insert media from web' feature. In versions prior to 6.2.2, an attacker can exploit this with a specially crafted embed, potentially compromising the integrity and security of the application. Users are strongly encouraged to upgrade to version 6.2.2 or later to mitigate this risk.

Affected Version(s)

silverstripe-framework < 6.2.2

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
