GitHub Advisory Database: GHSA-88JP-9JRV-6368
History: May 23, 2024 - 3:00 p.m.

Silverstripe XSS In GridField print

Published: 2024-05-23 15:00:45
CWE-79
Source: GitHub Advisory Database (github.com)
Tags: cross-site scripting, gridfield, cms access, html, print feature, software

AI Score: 6.3 Medium (Confidence: High)

A cross-site scripting vulnerability has been discovered in the print view of GridField.

This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any field of an object in a GridField, and the print feature is used.

This has been resolved by ensuring that the print feature safely escapes all fields.

Affected configurations

Vulners node: silverstripe framework, range <3.1.10

CPE name: silverstripe/framework, operator: lt, version: 3.1.10
