OSV:GHSA-MQF5-275H-GF6R
May 23, 2024 - 5:27 p.m.

Silverstripe framework is vulnerable to XSS in install.php

Source: Google (osv.dev)

AI Score: 6.9 Medium (Confidence: Low)

During installation, certain parameters (admin_username and admin_password) are not escaped in the setup form.

This issue is resolved in 3.1.14 stable, although existing users are advised to remove this file (install.php) prior to deploying to a production server.
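The file-removal advice above can be enforced as a release gate. The following is an added example, not code from Silverstripe or from this advisory; the function names and the idea of a single release directory are assumptions, and the search is recursive because the advisory does not state where install.php sits in a given deployment.

```shell
#!/bin/sh
# Added example: refuse to ship a release tree that still contains an
# installer script. Function names and layout are assumptions.
# Usage in a deploy script: check_release "$RELEASE_DIR" || exit 1

# find_installer DIR
# Print every install.php under DIR. Matching is case-insensitive because
# some filesystems and web servers resolve names without regard to case,
# and symlinks are included because the web server would follow them.
find_installer() {
    find "$1" \( -type f -o -type l \) -iname 'install.php' 2>/dev/null
}

# check_release DIR
# Return 0 when no installer is present, 1 when one or more are found,
# 2 when DIR itself does not exist (a misconfigured pipeline should fail
# loudly rather than pass an empty check).
check_release() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "error: release directory '$dir' not found" >&2
        return 2
    fi
    hits=$(find_installer "$dir")
    if [ -n "$hits" ]; then
        echo "refusing to deploy, installer still present:" >&2
        printf '%s\n' "$hits" | sed 's/^/  /' >&2
        return 1
    fi
    return 0
}
```

A match inside a third-party package directory is reported as well; review it before excluding that path from the gate.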
