๐Ÿ” CVE Alert

CVE-2026-54720

MEDIUM 5.4

Silverstripe Framework: Possible XSS attack through media embed

CVSS Score
5.4
EPSS Score
0.3%
EPSS Percentile
18th

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/

CWE CWE-79
Vendor silverstripe
Product silverstripe-framework
Published Jul 1, 2026
Last Updated Jul 2, 2026
Stay Ahead of the Next One

Get instant alerts for silverstripe silverstripe-framework

Be the first to know when new medium vulnerabilities affecting silverstripe silverstripe-framework are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Affected Versions

silverstripe / silverstripe-framework
< 6.2.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-gvrw-qqp5-jgc5 silverstripe.org: https://www.silverstripe.org/download/security-releases/cve-2026-54720