In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).
{ "cpes": [ "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*" ], "severity": "Medium" }