Description
Silverstripe Framework is the PHP framework that powers Silverstripe CMS. In versions prior to 5.3.23, an attacker with permission to edit content in the CMS could submit a specially crafted, encoded payload to the server that resulted in a JavaScript payload being injected into the front end of the site (stored cross-site scripting). The payload was caught by the client-side sanitisation in the HTML editor, but the server-side sanitisation did not catch it; since a request can be crafted directly against the server, the client-side check alone provides no protection. The server-side sanitisation logic has been updated to catch this encoded form. The issue is fixed in 5.3.23.
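The class of failure described above, as an added illustration (this is not Silverstripe's own sanitiser code, and the payload is a constructed, generic entity-encoded "javascript:" URL, not the payload from the advisory): a server-side check that inspects the raw, still-encoded attribute text misses what the browser will actually execute, whereas a check that decodes entities and normalises the value before applying a scheme allowlist does not. The function names and the scheme allowlist are assumptions made for the example.

```python
"""Added example (not Silverstripe code): why server-side sanitisation must
decode and normalise attribute values before applying its rules.
The sample payloads below are constructed for illustration only."""
import html
import re

# Assumed allowlist of URL schemes a content editor may legitimately use.
SAFE_SCHEMES = {"http", "https", "mailto"}


def naive_href_is_safe(href: str) -> bool:
    """Blocklist applied to the raw attribute text only.

    Bypassed by any encoding the browser will undo before navigating
    (HTML entities, embedded whitespace or control characters)."""
    return "javascript:" not in href.lower()


def normalise_href(href: str) -> str:
    """Bring the value to the form the browser will actually interpret.

    - Decode HTML entities until the result is stable, so a double-encoded
      value (e.g. '&amp;#106;') is also resolved.
    - Strip ASCII control characters and whitespace, which browsers ignore
      inside a URL scheme.
    - Lower-case for a case-insensitive scheme comparison."""
    decoded = href
    for _ in range(5):  # bounded to avoid pathological input
        nxt = html.unescape(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return re.sub(r"[\x00-\x20]+", "", decoded).lower()


def hardened_href_is_safe(href: str) -> bool:
    """Allowlist the scheme after normalisation.

    A value with no scheme (a relative URL) passes; anything with a scheme
    outside SAFE_SCHEMES is rejected, regardless of how it was encoded."""
    norm = normalise_href(href)
    m = re.match(r"^([a-z][a-z0-9+.\-]*):", norm)
    if not m:
        return True
    return m.group(1) in SAFE_SCHEMES


if __name__ == "__main__":
    # Constructed samples: the raw strings contain no literal "javascript:".
    for sample in ("&#106;avascript:alert(1)", "java\tscript:alert(1)",
                   "&amp;#106;avascript:alert(1)", "https://example.com/", "/about"):
        print(repr(sample), "naive:", naive_href_is_safe(sample),
              "hardened:", hardened_href_is_safe(sample))
```

The repeated decoding loop is deliberately conservative: it will also reject a legitimately double-encoded value, which is the right trade-off for a sanitiser that runs on untrusted editor input. The general lesson from the advisory is that a server-side sanitiser must operate on the decoded, normalised form of a value, and that client-side sanitisation in the editor is a usability feature, not a security boundary.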
References
- Patch
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 5.3.23 (5.3.23 is the fixed release, per the description above)
cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:*
EPSS: 0.00167 (38th percentile, Low)
CVSS3: 5.4 Medium
Weaknesses: CWE-79 (Improper Neutralization of Input During Web Page Generation, "Cross-site Scripting")
Related vulnerabilities
- github (10 months ago): Silverstripe Framework has a XSS vulnerability in HTML editor (CVSS3: 5.4)