GitHub Advisory Database: GHSA-R97R-64VP-FGHM
History: May 22, 2024 - 6:53 p.m.

Silverstripe XSS vulnerability via VirtualPage

2024-05-22 18:53:38
CWE-79
GitHub Advisory Database
github.com
6
cross-site scripting
virtualpage
cms access
malicious html
unescaped html
field content
security vulnerability
software

AI Score

6.3

Confidence

High

A cross-site scripting vulnerability has been discovered in the VirtualPage class.

This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the text fields of a page which a VirtualPage refers to.

This has been resolved by ensuring that VirtualPage safely escapes all field content.

Affected configurations

Vulners
Node: silverstripe registry, Range 3.1.0 - 3.1.9, silverstripe

Vendor | Product | Version | CPE
silverstripe | registry | * | cpe:2.3:a:silverstripe:registry:*:*:*:*:*:silverstripe:*:*
