Lucene search
GitHub Advisory DatabaseGHSA-88JP-9JRV-6368HistoryMay 23, 2024 - 3:00 p.m.
Silverstripe XSS In GridField print
2024-05-2315:00:45
CWE-79
GitHub Advisory Database
github.com
1
cross-site scripting
gridfield
cms access
html
print feature
software
6.3 Medium
AI Score
Confidence
High
A cross-site scripting vulnerability has been discovered in the print view of GridField.
This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any field of an object in a GridField, and the print feature is used.
This has been resolved by ensuring that the print feature safely escapes all fields.
Affected configurations
Node
silverstripeframeworkRange<3.1.10
| CPE | Name | Operator | Version |
|---|---|---|---|
| silverstripe/framework | lt | 3.1.10 |
References
github.com/advisories/GHSA-88jp-9jrv-6368
github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-006-1.yaml
github.com/silverstripe/silverstripe-framework/commit/cebc0d08c5cc8177c2462a963b76e5bc7827146d
www.silverstripe.org/software/download/security-releases/ss-2015-006
6.3 Medium
AI Score
Confidence
High