silverstripe/cms is susceptible to open redirect attacks. The ‘returnURL’ parameter is not validated properly, so an attacker can supply a malicious URL pointing to a location or file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | silverstripe/cms | le | 3.1.13 |
hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt
packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html
www.securityfocus.com/archive/1/535716/100/0/threaded
www.securityfocus.com/archive/1/archive/1/535716/100/0/threaded
www.securityfocus.com/bid/75419
github.com/silverstripe/silverstripe-cms/commit/b87f5473d9f20fe62039ef0d63320143691f7017