GitHub Advisory Database: GHSA-M8V7-X398-PXRF
History: May 23, 2024 - 7:33 p.m.

Silverstripe XSS in CMS Edit Page

2024-05-23 19:33:34
CWE-79
GitHub Advisory Database
github.com
xss
cms
edit page
parameter sanitisation
attack
administrator
software

6.8 Medium

AI Score

Confidence

High

Due to a lack of parameter sanitisation, a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page.

An attacker could create a URL and share it with a site administrator to perform an attack.

Affected configurations

Vulners
Node
silverstripe framework, Range < 3.3.2
OR
silverstripe framework, Range < 3.2.4
OR
silverstripe framework, Range < 3.1.19
