XSS Vulnerability in Silverstripe CMS by Silverstripe
CVE-2026-54720
5.4 MEDIUM
What is CVE-2026-54720?
The Silverstripe Framework, which powers the Silverstripe CMS, is vulnerable to Cross-Site Scripting (XSS) through its 'Insert media from web' feature. In versions prior to 6.2.2, attackers can exploit this feature with specially crafted embeds, potentially compromising the integrity and security of the application. Users are strongly encouraged to upgrade to version 6.2.2 or later to mitigate this risk.
Affected Version(s)
silverstripe-framework < 6.2.2
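
One way to check a project against the affected range above (an added example, not part of the advisory or of Silverstripe's own tooling). It assumes the framework is installed through Composer under the package name `silverstripe/framework` and that the project's `composer.lock` is available; the sample lock file and the function names are constructed for illustration.

```python
import json
import re

# Assumption: the Composer package name for silverstripe-framework.
PACKAGE = "silverstripe/framework"
FIXED = (6, 2, 2)  # first fixed release named in the advisory

# Constructed sample lock file, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "silverstripe/framework", "version": "6.2.1"},
        {"name": "silverstripe/admin", "version": "3.2.0"},
    ],
    "packages-dev": [],
})

VERSION_RE = re.compile(
    r"v?(\d+)\.(\d+)\.(\d+)(?:-?(alpha|beta|rc|a|b)\.?\d*)?", re.IGNORECASE
)


def classify(raw):
    """Classify one locked version string as affected, fixed or unknown."""
    m = VERSION_RE.fullmatch(raw.strip())
    if not m:
        # Branch aliases such as dev-main or 6.x-dev carry no release number;
        # the locked commit has to be reviewed by hand.
        return "unknown"
    core = tuple(int(part) for part in m.group(1, 2, 3))
    # By version ordering, a pre-release of 6.2.2 (6.2.2-rc1) sorts before 6.2.2.
    if core < FIXED or (core == FIXED and m.group(4)):
        return "affected"
    return "fixed"


def check_lock(lock_text):
    """Return {version: status} for every locked copy of PACKAGE."""
    lock = json.loads(lock_text)
    found = {}
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() == PACKAGE:
                found[pkg["version"]] = classify(pkg["version"])
    return found


if __name__ == "__main__":
    for version, status in check_lock(SAMPLE_LOCK).items():
        print(f"{PACKAGE} {version}: {status}")
```

To use it on a real project, pass the contents of that project's `composer.lock` to `check_lock` in place of the sample.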
