OSV (Google): GHSA-R97R-64VP-FGHM
History: May 22, 2024 - 6:53 p.m.

Silverstripe XSS vulnerability via VirtualPage

2024-05-22 18:53:38
Google
osv.dev

Tags: silverstripe, xss, virtualpage, vulnerability, cms, html, field content, software

AI Score: 6.3 Medium (Confidence: High)

A cross-site scripting vulnerability has been discovered in the VirtualPage class.

This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the text fields of a page that a VirtualPage refers to.

This has been resolved by ensuring that VirtualPage safely escapes all field content.
