The core template framework/templates/Includes/GridField_print.ss
uses “Printed by $Member.Name”.
If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because Member->getName() just returns the raw FirstName + Surname as a string, which is injected directly.
Vendor | Product | Version | CPE |
---|---|---|---|
silverstripe | framework | * | cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-r9vp-fp72-xgf7
github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-013-1.yaml
github.com/silverstripe/silverstripe-framework/commit/281b0de571fe0ae159ac47891c02acf2214fa619
github.com/silverstripe/silverstripe-framework/commit/6817c57f64b9eb2b271b81662cd83b074a3daee4
github.com/silverstripe/silverstripe-framework/commit/83e3302c0425d9b0e4fe42e82e3df03379f4dca5
github.com/silverstripe/silverstripe-framework/commit/8bbf1caae665a07b3e44e8d5d32556a03d38c296
www.silverstripe.org/download/security-releases/ss-2016-013