Silverstripe XSS in Director::force_redirect()

2024-05-2316:48:11

Google

osv.dev

silverstripe

framework

xss

http redirection

director::force_redirect method

low level vulnerability

5.9 Medium

AI Score

Confidence

High

JSON

A low level XSS vulnerability has been found in the Framework affecting http redirection via the Director::force_redirect method.

Attempts to redirect to a url may generate HTML which is not safely escaped, and may pose a risk of XSS in some environments.

This vulnerability is marked low as it is difficult to exploit, as any injected HTML will only be returned from the server if the Location HTTP header is also sent, meaning that any user browsing the site would not be exposed to the body of the response before their browser redirects them.

CPENameOperatorVersion
silverstripe/frameworkeq3.1.10-rc1
silverstripe/frameworkeq3.1.2-rc1
silverstripe/frameworkeq3.1.3
silverstripe/frameworkeq3.1.3-rc1
silverstripe/frameworkeq3.1.2
silverstripe/frameworkeq3.1.5
silverstripe/frameworkeq3.1.4-rc1
silverstripe/frameworkeq3.1.6
silverstripe/frameworkeq3.1.3-rc2
silverstripe/frameworkeq3.1.8

Name	Operator	Version
silverstripe/framework	eq	3.1.10-rc1
silverstripe/framework	eq	3.1.2-rc1
silverstripe/framework	eq	3.1.3
silverstripe/framework	eq	3.1.3-rc1
silverstripe/framework	eq	3.1.2
silverstripe/framework	eq	3.1.5
silverstripe/framework	eq	3.1.4-rc1
silverstripe/framework	eq	3.1.6
silverstripe/framework	eq	3.1.3-rc2
silverstripe/framework	eq	3.1.8

Rows per page:

1-10 of 251

References

github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-010-1.yaml

github.com/silverstripe/silverstripe-framework

github.com/silverstripe/silverstripe-framework/commit/ee9bddb808df6d27db4d56bb5d522dcfe6788715

www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect

5.9 Medium

AI Score

Confidence

High

JSON