Silverstripe Form field validation message XSS vulnerability

2024-05-2318:07:48

Google

osv.dev

silverstripe

formfield

validation

message

xss

vulnerability

numericfield

dropdownfield

risk

software

6.2 Medium

AI Score

Confidence

High

JSON

A high level XSS risk has been identified in the encoding of validation messages in certain FormField classes.

Certain fields such as the NumericField and DropdownField have been identified, but any form field which presents any invalid content as a part of its validation response will be at risk.

CPENameOperatorVersion
silverstripe/frameworkeq3.1.10-rc1
silverstripe/frameworkeq3.0.3-rc1
silverstripe/frameworkeq3.1.2-rc1
silverstripe/frameworkeq3.0.6-rc2
silverstripe/frameworkeq3.1.3
silverstripe/frameworkeq3.1.3-rc1
silverstripe/frameworkeq3.1.2
silverstripe/frameworkeq3.1.5
silverstripe/frameworkeq3.0.3
silverstripe/frameworkeq3.1.0-rc2

Name	Operator	Version
silverstripe/framework	eq	3.1.10-rc1
silverstripe/framework	eq	3.0.3-rc1
silverstripe/framework	eq	3.1.2-rc1
silverstripe/framework	eq	3.0.6-rc2
silverstripe/framework	eq	3.1.3
silverstripe/framework	eq	3.1.3-rc1
silverstripe/framework	eq	3.1.2
silverstripe/framework	eq	3.1.5
silverstripe/framework	eq	3.0.3
silverstripe/framework	eq	3.1.0-rc2

Rows per page:

1-10 of 621

References

github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-026-1.yaml

github.com/silverstripe/silverstripe-framework

github.com/silverstripe/silverstripe-framework/commit/245e0aae2f5f3eb0acba1d198ad8e196bb224462

github.com/silverstripe/silverstripe-framework/commit/bc1b2893accba6401c03f9ea3b0cbc4621c7a02c

www.silverstripe.org/download/security-releases/ss-2015-026

6.2 Medium

AI Score

Confidence

High

JSON