Silverstripe XSS in dev/build returnURL Parameter

A XSS risk exists in the returnURL parameter passed to dev/build. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site.

This issue is resolved in framework 3.1.14 stable release.

Published: May 23, 2024
Updated: Jun 27, 2024
GHSA: GHSA-hq4p-5mpr-jj9m
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
silverstripe / framework	-	3.1.14

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-015-1.yaml
https://github.com/silverstripe/silverstripe-framework/commit/751d77386c3c6e354b521fa61ff142f95895cca8
https://www.silverstripe.org/software/download/security-releases/ss-2015-015

Vulnerability Database

Silverstripe XSS in dev/build returnURL Parameter