silverstripe/framework has Cross-site Scripting vulnerability in page name

2024-05-2719:32:44

CWE-79

GitHub Advisory Database

github.com

cross-site scripting

vulnerability

page name

payload

trigger

xss alert

software

6.1 Medium

AI Score

Confidence

High

silverstripe/framework is vulnerable to XSS in Page name where the payload "><svg/onload=alert(/xss/)> will trigger an XSS alert.

Affected configurations

Vulners

Node

silverstripeframeworkRange<3.5.2

silverstripeframeworkRange<3.4.4

CPENameOperatorVersion
silverstripe/frameworklt3.5.2
silverstripe/frameworklt3.4.4

CPE	Name	Operator	Version
	silverstripe/framework	lt	3.5.2
	silverstripe/framework	lt	3.4.4

github.com/advisories/GHSA-hhvj-mcrx-3vcf

github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-001-1.yaml

github.com/silverstripe/silverstripe-framework/commit/9574d627f95aca7ae0fcefcae2bf56215777e190

www.silverstripe.org/download/security-releases/ss-2017-001

6.1 Medium

AI Score

Confidence

High