Vulnerability Database

296,147

Total vulnerabilities in the database

Silverstripe framework is vulnerable to XSS in install.php

During installation, certain parameters (admin_username and admin_password) are not escaped in the setup form.

This issue is resolved in 3.1.14 stable, although existing users are advised to remove this file prior to deploying to a production server.

Published: May 23, 2024
Updated: Jun 27, 2024
GHSA: GHSA-mqf5-275h-gf6r
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
silverstripe / framework	3.1.0	3.1.14