Stored Cross-Site Scripting (XSS) and Cross-Site Request Forgeries (CSRF)
Vendor: SilverStripe CMS
By: Sense of Security
CVSS: 5,5 (MEDIUM)
CWE: 79 (XSS) and 352 (CSRF)
Product Name: SilverStripe CMS
Affected Version From: 3.0.2
Affected Version To: 3.0.2
Patch Exists: YES
Related CWE: CVE - not yet assigned
CPE: a:silverstripe:silverstripe_cms
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2012

Sense of Security – Security Advisory – SOS-12-011

SilverStripe CMS is vulnerable to stored Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). The site title field in the configuration page does not output-encode stored values. As a result, an authenticated attacker can make the application store a malicious string by entering it into the site title field. When a user visits the web site, the malicious code is executed in the client browser. Privilege escalation is possible because the form used to change user account passwords does not require the user to confirm their current password and is vulnerable to CSRF. An attacker can reset an Administrator password by creating a malicious web site that sends a POST request to change the current user's password while they are logged into the CMS.

Mitigation:

Upgrade to version 3.0.3
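
The two weaknesses described above map to two defensive patterns: encode the stored title on output, and accept a password change only with a per-session CSRF token and the confirmed current password. The following is an added example in framework-free PHP, not SilverStripe's code or the 3.0.3 patch; all function names, array keys and sample values are hypothetical.

```php
<?php
// Added illustration in framework-free PHP; not SilverStripe's code.
// Function names, array keys and sample values are hypothetical/constructed.

// Stored XSS: encode the stored site title when it is written into HTML.
function render_title(string $storedTitle): string {
    $safe = htmlspecialchars($storedTitle, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<title>{$safe}</title>";
}

// CSRF: per-session random token that the password form must echo back.
function issue_csrf_token(array &$session): string {
    return $session['csrf'] = bin2hex(random_bytes(32));
}

// Password change requires a valid token AND the current password.
function change_password(array &$session, array &$user, array $post): string {
    $sent = $post['csrf'] ?? '';
    if (!is_string($sent) || empty($session['csrf']) || !hash_equals($session['csrf'], $sent)) {
        return 'rejected: missing or invalid CSRF token';
    }
    $current = $post['current_password'] ?? '';
    if (!is_string($current) || !password_verify($current, $user['hash'])) {
        return 'rejected: current password not confirmed';
    }
    $new = $post['new_password'] ?? '';
    if (!is_string($new) || $new === '') {
        return 'rejected: empty new password';
    }
    $user['hash'] = password_hash($new, PASSWORD_DEFAULT);
    unset($session['csrf']); // token is single-use
    return 'changed';
}

// Constructed sample data.
$session = [];
$user = ['hash' => password_hash('old-pass', PASSWORD_DEFAULT)];
echo render_title('Acme <script>/* constructed */</script>'), "\n";
// Forged cross-site POST: carries neither token nor current password.
echo change_password($session, $user, ['new_password' => 'x']), "\n";
$token = issue_csrf_token($session);
$form = ['csrf' => $token, 'current_password' => 'guess', 'new_password' => 'x'];
echo change_password($session, $user, $form), "\n";
$form['current_password'] = 'old-pass';
echo change_password($session, $user, $form), "\n";
```

The current-password check limits the impact even if a token leaks, because a forged request still cannot supply the victim's existing password.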