OSV: GHSA-34Q6-XQXH-GQ39
History: May 23, 2024 - 3:21 p.m.

Silverstripe XSS In rewritten hash links

2024-05-23 15:21:44
Google
osv.dev

Tags: silverstripe, xss, vulnerability, hash links, ssviewer, html injection, querystring, software

AI Score: 6 Medium
Confidence: High

A high level XSS vulnerability has been discovered in the SilverStripe framework which causes links containing hash anchors (e.g. href="#anchor") to be rewritten in an unsafe way.

The rewriteHashlinks option on SSViewer rewrites these links to contain the current URL, but without adequate escaping, so HTML can be injected into any page by placing unsafe values in the query string.

Due to the nature of this issue it is likely that a large number of SilverStripe sites are affected.
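The following is an added example, not SilverStripe's own code: a simplified model of a "rewrite hash links" step that splices the current URL into an href attribute verbatim, beside a version that attribute-encodes the URL first. The template fragment, the request URI and the function names are constructed for illustration.

```php
<?php
// Constructed template fragment containing a hash-only anchor.
const TEMPLATE = '<a href="#section-2">Jump to section 2</a>';

// Constructed current request URI. The query string is under the visitor's
// control and here contains a double quote, which is what makes the
// unescaped rewrite dangerous.
$requestUri = '/page?q=abc" data-injected="1';

// Vulnerable model: the current URL is concatenated straight into the
// attribute, so a quote in the query string terminates the href value and
// the rest of the URL becomes new markup inside the tag.
function rewriteHashlinksUnsafe(string $html, string $currentUrl): string {
    return preg_replace_callback(
        '/href="#([^"]*)"/',
        fn($m) => 'href="' . $currentUrl . '#' . $m[1] . '"',
        $html
    );
}

// Hardened model: the URL is HTML-attribute-encoded before insertion, so
// quotes, angle brackets and ampersands in the query string stay literal
// text inside the href value. Hypothetical name, not a SilverStripe API.
function rewriteHashlinksSafe(string $html, string $currentUrl): string {
    $escaped = htmlspecialchars($currentUrl, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return preg_replace_callback(
        '/href="#([^"]*)"/',
        fn($m) => 'href="' . $escaped . '#' . $m[1] . '"',
        $html
    );
}

// Compare the two outputs: the unsafe one carries an extra attribute that
// came from the query string; the safe one keeps a single, intact href.
echo "Unsafe: ", rewriteHashlinksUnsafe(TEMPLATE, $requestUri), PHP_EOL;
echo "Safe:   ", rewriteHashlinksSafe(TEMPLATE, $requestUri), PHP_EOL;
```

The same check applies to any value taken from the request and written into an HTML attribute: encode it for the attribute context at the point of output, and confirm the rendered tag still has exactly the attributes the template declared.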
