GitHub Advisory Database: GHSA-MQF5-275H-GF6R
May 23, 2024 - 5:27 p.m.

Silverstripe framework is vulnerable to XSS in install.php

2024-05-23 17:27:19
CWE-79
GitHub Advisory Database
github.com

AI Score: 6.9 Medium (Confidence: Low)

During installation, certain parameters (admin_username and admin_password) are not escaped in the setup form.

This issue is resolved in 3.1.14 stable, although existing users are advised to remove this file prior to deploying to a production server.

Affected configurations

Vulners
Node: silverstripe framework, Range: < 3.1.14

CPE Name | Operator | Version
silverstripe/framework | lt | 3.1.14
