silverstripe/framework has Cross-site Scripting vulnerability in page history comparison

Published: May 27, 2024
Updated: Jun 27, 2024
GHSA: <a href="https://github.com/advisories/GHSA-c4c3-j73v-634r" target="_blank" rel="noopener"> GHSA-c4c3-j73v-634r
Severity: Medium
Exploit:

Authenticated user with page edit permission can craft HTML, which when rendered in a page history comparison can execute client scripts.

No technical information available.

No CWE or OWASP classifications available.

Software	From	Fixed in
silverstripe / framework	3.4.0-rc1	3.4.6
silverstripe / framework	3.5.0-rc1	3.5.4

Vulnerability Database