Lucene search
Veracode Vulnerability DatabaseVERACODE:38216HistoryNov 24, 2022 - 3:28 a.m.
Cross-site Scripting (XSS)
2022-11-2403:28:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
silverstripe
vulnerability
javascript injection
uploaded files
EPSS
0.001
Percentile
31.7%
Silverstripe is vulnerable to cross-site scripting.The vulnerability exists in $allowed_extensions array of File.php because of uploading .gpx files which allows an attacker to inject and execute malicious javaScript.
References
forum.silverstripe.org/c/releases
github.com/advisories/GHSA-vv3r-fxqp-vr3f
github.com/silverstripe/silverstripe-assets/commit/d132e9f7a104748efd2ca02a100455bf941d20c1
github.com/silverstripe/silverstripe-assets/pull/529
github.com/silverstripe/silverstripe-framework/blob/f44d5b311e57a50d32a2208f93b207011359df02/filesystem/File.php#L114
www.silverstripe.org/blog/tag/release
www.silverstripe.org/download/security-releases/
www.silverstripe.org/download/security-releases/CVE-2022-38147
Related
prion
prion
Cross site scripting
2022-11-23 03:15:00
nvd
nvd
CVE-2022-38147
2022-11-23 03:15:10
cvelist
cvelist
CVE-2022-38147
2022-11-23 00:00:00
github
github
XSS via uploaded gpx file
2022-11-21 23:58:07
osv
osv
XSS via uploaded gpx file
2022-11-21 23:58:07
friendsofphp
friendsofphp
CVE-2022-38147 - XSS via uploaded gpx file
2021-11-21 00:00:00
cve
cve
CVE-2022-38147
2022-11-23 03:15:10