Silverstripe XSS In rewritten hash links

2024-05-2315:21:44

Google

osv.dev

silverstripe

xss

vulnerability

hash links

ssviewer

html injection

querystring

software

6 Medium

AI Score

Confidence

High

JSON

A high level XSS vulnerability has been discovered in the SilverStripe framework which causes links containing hash anchors (E.g. href=“#anchor”) to be rewritten in an unsafe way.

The rewriteHashlinks option on SSViewer will rewrite these to contain the current url, although without adequate escaping, meaning that HTML could be injected via injecting unsafe values to any page via the querystring.

Due to the nature of this issue it is likely that a large number of SilverStripe sites are affected.

CPENameOperatorVersion
silverstripe/frameworkeq3.1.10-rc1
silverstripe/frameworkeq3.0.3-rc1
silverstripe/frameworkeq3.1.2-rc1
silverstripe/frameworkeq3.0.6-rc2
silverstripe/frameworkeq3.1.3
silverstripe/frameworkeq2.4.11
silverstripe/frameworkeq2.4.13
silverstripe/frameworkeq3.1.2
silverstripe/frameworkeq3.1.3-rc1
silverstripe/frameworkeq3.1.5

Name	Operator	Version
silverstripe/framework	eq	3.1.10-rc1
silverstripe/framework	eq	3.0.3-rc1
silverstripe/framework	eq	3.1.2-rc1
silverstripe/framework	eq	3.0.6-rc2
silverstripe/framework	eq	3.1.3
silverstripe/framework	eq	2.4.11
silverstripe/framework	eq	2.4.13
silverstripe/framework	eq	3.1.2
silverstripe/framework	eq	3.1.3-rc1
silverstripe/framework	eq	3.1.5

Rows per page:

1-10 of 501

References

github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-009-1.yaml

github.com/silverstripe/silverstripe-framework/commit/604c32871202064a4aa12c3b3fd58140231685e5

github.com/silverstripe/silverstripe-framework/commit/bdef4fc7a548c7c243ff86f2db7c16f301a6f120

www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links

silverstripe/silverstripe-framework

6 Medium

AI Score

Confidence

High

JSON