silverstripe/framework has Cross-site Scripting vulnerability in page name

2024-05-2719:32:44

Google

osv.dev

cross-site scripting

vulnerability

page name

payload

trigger

alert

software

6.1 Medium

AI Score

Confidence

High

JSON

silverstripe/framework is vulnerable to XSS in Page name where the payload "><svg/onload=alert(/xss/)> will trigger an XSS alert.

CPENameOperatorVersion
silverstripe/frameworkeq3.4.1-rc2
silverstripe/frameworkeq3.5.0-rc2
silverstripe/frameworkeq3.4.3-rc1
silverstripe/frameworkeq3.4.0
silverstripe/frameworkeq3.5.0-rc1
silverstripe/frameworkeq3.4.1-rc1
silverstripe/frameworkeq3.5.0-rc3
silverstripe/frameworkeq3.4.3
silverstripe/frameworkeq3.4.1
silverstripe/frameworkeq3.4.0-rc1

Name	Operator	Version
silverstripe/framework	eq	3.4.1-rc2
silverstripe/framework	eq	3.5.0-rc2
silverstripe/framework	eq	3.4.3-rc1
silverstripe/framework	eq	3.4.0
silverstripe/framework	eq	3.5.0-rc1
silverstripe/framework	eq	3.4.1-rc1
silverstripe/framework	eq	3.5.0-rc3
silverstripe/framework	eq	3.4.3
silverstripe/framework	eq	3.4.1
silverstripe/framework	eq	3.4.0-rc1

Rows per page:

1-10 of 171

References

github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-001-1.yaml

github.com/silverstripe/silverstripe-framework

github.com/silverstripe/silverstripe-framework/commit/9574d627f95aca7ae0fcefcae2bf56215777e190

www.silverstripe.org/download/security-releases/ss-2017-001

6.1 Medium

AI Score

Confidence

High

JSON