GitHub Advisory Database: GHSA-HQ4P-5MPR-JJ9M
History: May 23, 2024 - 5:15 p.m.

Silverstripe XSS in dev/build returnURL Parameter

2024-05-23 17:15:09
CWE-79
GitHub Advisory Database
github.com
5
silverstripe
xss risk
dev/build
returnurl
unvalidated url
third party url
security issue
framework 3.1.14

AI Score

6

Confidence

High

An XSS risk exists in the returnURL parameter passed to dev/build. An unvalidated URL could cause the user to be redirected to an unverified third-party URL outside of the site.

This issue is resolved in framework 3.1.14 stable release.

Affected configurations

Vulners
Node: silverstripe framework, Range: <3.1.14

Vendor | Product | Version | CPE
silverstripe | framework | * | cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:*
