GitHub Advisory Database: GHSA-JQP8-V74P-G8PX
History: May 23, 2024 - 4:48 p.m.

Silverstripe XSS in Director::force_redirect()

2024-05-23 16:48:11
CWE-79

AI Score: 5.9 Medium (Confidence: High)

A low-level XSS vulnerability has been found in the Framework affecting HTTP redirection via the Director::force_redirect method.

Attempts to redirect to a URL may generate HTML that is not safely escaped, and this may pose a risk of XSS in some environments.

This vulnerability is rated low because it is difficult to exploit: any injected HTML is only returned from the server if the Location HTTP header is also sent, so a user browsing the site would not see the body of the response before their browser follows the redirect.
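The defect class the advisory describes, shown as an added illustration (this is not Silverstripe's code, which the advisory does not reproduce): a redirect helper that interpolates the target URL into an HTML body sent alongside the Location header. The function names buildRedirectBodyUnsafe, buildRedirectBodySafe and sendRedirect, and the sample URL, are assumptions made for this example.

```php
<?php
// Added illustration, not Silverstripe's own code. Function names are hypothetical.

// Pattern the advisory describes: the URL is concatenated into HTML without
// escaping, so HTML metacharacters in the URL become part of the markup of the
// body that accompanies the Location header.
function buildRedirectBodyUnsafe(string $url): string
{
    return '<p>Redirecting to <a href="' . $url . '">' . $url . '</a></p>';
}

// Hardened form: every interpolation into HTML goes through htmlspecialchars
// with ENT_QUOTES, so quotes, ampersands and angle brackets are emitted as
// entities in both the attribute context and the text-node context.
function buildRedirectBodySafe(string $url): string
{
    $escaped = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Redirecting to <a href="' . $escaped . '">' . $escaped . '</a></p>';
}

// Sending the response. Browsers act on the Location header, which is why the
// advisory rates exposure of the body as low; the body is still escaped because
// any client or proxy that does not follow the redirect will render it.
function sendRedirect(string $url): void
{
    header('Location: ' . $url, true, 302);
    echo buildRedirectBodySafe($url);
}

// Constructed sample input: a query string containing characters that are
// significant in HTML (ampersand, double quote, angle brackets).
$sample = 'https://example.com/next?a=1&b="<x>"';

// In the unsafe body the double quote terminates the href attribute early and the
// angle brackets are parsed as a tag; in the safe body they appear as entities.
echo buildRedirectBodyUnsafe($sample), PHP_EOL;
echo buildRedirectBodySafe($sample), PHP_EOL;
```

Run with `php redirect_example.php` (any file name) to compare the two bodies. The design point is that the escaping must be applied at the point of interpolation into HTML, independently of whether the Location header is present, since the presence of that header is what makes the body hard to reach, not what makes it safe.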

Affected configurations

Vulners node: silverstripe framework, range < 3.1.12
CPE: silverstripe/framework, operator lt, version 3.1.12
