OSV:GHSA-HQ4P-5MPR-JJ9M (Google OSV)
May 23, 2024 - 5:15 p.m.

Silverstripe XSS in dev/build returnURL Parameter

2024-05-23 17:15:09
Google
osv.dev

Tags: xss, returnurl parameter, dev/build, security risk, unvalidated url, third party url, framework 3.1.14, software

AI Score: 6 Medium (Confidence: High)

An XSS risk exists in the returnURL parameter passed to dev/build. An unvalidated URL could cause the user to be redirected to an unverified third-party URL outside of the site.

This issue is resolved in the framework 3.1.14 stable release.
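
A same-site check for a return URL parameter of the kind described above, as an added example; it is not Silverstripe's code or the 3.1.14 fix. `SITE_HOST`, `safeReturnUrl()` and the sample values are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not Silverstripe code. SITE_HOST and safeReturnUrl()
// are hypothetical names; the host value is a placeholder.
const SITE_HOST = 'www.example.com';

function safeReturnUrl(?string $url, string $fallback = '/'): string
{
    if ($url === null || $url === '') {
        return $fallback;
    }
    // Browsers read "\" as "/" and drop tabs and newlines inside URLs, so
    // "/\host" or "/<TAB>/host" would otherwise pass as a local path.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return $fallback;
    }
    $parts = parse_url($url);
    if ($parts === false) {
        return $fallback;
    }
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        // Relative reference: accept only a path rooted at a single "/".
        $rooted = strncmp($url, '/', 1) === 0 && strncmp($url, '//', 2) !== 0;
        return $rooted ? $url : $fallback;
    }
    // Absolute URL: http(s) only, exact host match, no userinfo component.
    $scheme = strtolower($parts['scheme'] ?? '');
    $host = strtolower($parts['host'] ?? '');
    $sameSite = in_array($scheme, ['http', 'https'], true)
        && $host === SITE_HOST
        && !isset($parts['user']);
    return $sameSite ? $url : $fallback;
}

// Constructed sample values for a returnURL parameter.
$samples = [
    '/admin/pages',
    'https://www.example.com/admin',
    'https://other.example/landing',
    '//other.example/landing',
    '/\\other.example/landing',
    'https://www.example.com@other.example/',
    'javascript:void(0)',
];
foreach ($samples as $candidate) {
    printf("%-45s => %s\n", $candidate, safeReturnUrl($candidate));
}
```

Only the first two samples are returned unchanged; every other value falls back to `/`.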