silverstripe/framework has Cross-site Scripting vulnerability in page name

Published: May 27, 2024
Updated: Jun 27, 2024
GHSA: <a href="https://github.com/advisories/GHSA-hhvj-mcrx-3vcf" target="_blank" rel="noopener"> GHSA-hhvj-mcrx-3vcf
Severity: Medium
Exploit:

silverstripe/framework is vulnerable to XSS in Page name where the payload "><svg/onload=alert(/xss/)> will trigger an XSS alert.

CVSS v3:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
silverstripe / framework	3.4.0-rc1	3.4.4
silverstripe / framework	3.5.0-rc1	3.5.2

Vulnerability Database