Lucene search

K
githubGitHub Advisory DatabaseGHSA-MPQJ-F4V3-334H
HistoryMay 23, 2024 - 7:46 p.m.

Silverstripe Cross-site scripting vulnerability in VersionedRequestFilter

2024-05-2319:46:36
CWE-79
GitHub Advisory Database
github.com
2
silverstripe
versionedrequestfilter
cross-site scripting
vulnerability
error message
html injection
cms login page

6.3 Medium

AI Score

Confidence

High

A cross-site scripting vulnerability in VersionedRequestFilter has been found.

If an incoming user request should not be able to access the requested stage, an error message is created for display on the CMS login page that they are redirected to. In this error message, the URL of the requested page is interpolated into the error message without being escaped; hence, arbitrary HTML can be injected into the CMS login page.

Affected configurations

Vulners
Node
silverstripeframeworkRange<3.4.1
OR
silverstripeframeworkRange<3.3.3

6.3 Medium

AI Score

Confidence

High