silverstripe/framework's `Member.Name` is not escaped

2024-05-2718:58:08

CWE-79

GitHub Advisory Database

github.com

silverstripe framework member name xss security software

AI Score

6.9

Confidence

High

JSON

The core template framework/templates/Includes/GridField_print.ss uses “Printed by $Member.Name”.

If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because Member->getName() just returns the raw FirstName + Surname as a string, which is injected directly.

Affected configurations

Vulners

Node

silverstripeframeworkRange3.4.0-rc1–3.4.1

silverstripeframeworkRange3.3.2-rc1–3.3.3

silverstripeframeworkRange3.2.4-rc1–3.2.5

silverstripeframeworkRange3.1.9-rc1–3.1.20

VendorProductVersionCPE
silverstripeframework*cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
silverstripe	framework	*	cpe:2.3:a:silverstripe:framework::::::::

References

github.com/advisories/GHSA-r9vp-fp72-xgf7

github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-013-1.yaml

github.com/silverstripe/silverstripe-framework/commit/281b0de571fe0ae159ac47891c02acf2214fa619

github.com/silverstripe/silverstripe-framework/commit/6817c57f64b9eb2b271b81662cd83b074a3daee4

github.com/silverstripe/silverstripe-framework/commit/83e3302c0425d9b0e4fe42e82e3df03379f4dca5

github.com/silverstripe/silverstripe-framework/commit/8bbf1caae665a07b3e44e8d5d32556a03d38c296

www.silverstripe.org/download/security-releases/ss-2016-013

AI Score

6.9

Confidence

High

JSON