silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage

2024-05-2720:05:34

CWE-79

GitHub Advisory Database

github.com

silverstripe

framework

xss

redirectorpage

security

vulnerability

browser execution

software

AI Score

7.2

Confidence

Low

JSON

RedirectorPage will allow users to specify a non-url malicious script as the redirection path without validation. Users which follow this url may allow this script to execute within their browser.

Affected configurations

Vulners

Node

silverstripeframeworkRange3.5.0-rc1–3.5.4

silverstripeframeworkRange3.4.0-rc1–3.4.6

VendorProductVersionCPE
silverstripeframework*cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
silverstripe	framework	*	cpe:2.3:a:silverstripe:framework::::::::

References

github.com/advisories/GHSA-pp7q-6j3f-74vj

github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-003-1.yaml

www.silverstripe.org/download/security-releases/ss-2017-003

AI Score

7.2

Confidence

Low

JSON