silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage

RedirectorPage will allow users to specify a non-url malicious script as the redirection path without validation. Users which follow this url may allow this script to execute within their browser.

Published: May 27, 2024
Updated: Jun 27, 2024
GHSA: GHSA-pp7q-6j3f-74vj
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
silverstripe / framework	3.4.0-rc1	3.4.6
silverstripe / framework	3.5.0-rc1	3.5.4

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-003-1.yaml
https://www.silverstripe.org/download/security-releases/ss-2017-003

Vulnerability Database

silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage