
Reflected Cross Site Scripting (XSS) in error message

Low severity GitHub Reviewed Published Jan 23, 2025 to the GitHub Advisory Database • Updated Jan 23, 2025

Package

silverstripe/framework (Composer)

Affected versions

< 5.3.8

Patched versions

5.3.8

Description

If a website is running in the "dev" environment mode, a crafted URL can carry an XSS payload that is executed when it is reflected in the resulting error message.
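The two conditions above (a version below 5.3.8 and "dev" mode) can be checked from a project's `composer.lock` and `.env`. The following is an added example, not code from the advisory or the Silverstripe project. It assumes the environment mode is set through `SS_ENVIRONMENT_TYPE` in a `.env` file; the function names and sample inputs are constructed for illustration.

```python
import json
import re

PACKAGE = "silverstripe/framework"
PATCHED = (5, 3, 8, 1)  # 5.3.8 release, the patched version in the advisory

# Constructed sample inputs (not from a real site).
SAMPLE_LOCK = '{"packages": [{"name": "silverstripe/framework", "version": "5.3.7"}]}'
SAMPLE_ENV = '# local settings\nSS_ENVIRONMENT_TYPE="dev"\n'


def parse_version(text):
    """'5.3.7' -> (5, 3, 7, 1); pre-releases get 0 last so they sort below the release."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?", text.strip())
    if not m:
        return None  # branch aliases such as "5.x-dev" cannot be compared
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), 0 if m.group(4) else 1)


def installed_version(lock_text):
    """Return the locked version string of the package, or None if absent."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == PACKAGE:
            return pkg.get("version", "")
    return None


def environment_type(dotenv_text):
    """Return the last SS_ENVIRONMENT_TYPE value set in .env text, lowercased."""
    value = None
    for line in dotenv_text.splitlines():
        m = re.match(r"\s*(?:export\s+)?SS_ENVIRONMENT_TYPE\s*=\s*[\"']?(\w+)", line)
        if m:
            value = m.group(1).lower()
    return value


def assess(lock_text, dotenv_text):
    """Classify a project against the advisory's version range and dev-mode condition."""
    raw = installed_version(lock_text)
    if raw is None:
        return "not-installed"
    version = parse_version(raw)
    if version is None:
        return "unknown-version"
    if version >= PATCHED:
        return "patched"
    # Below 5.3.8: the advisory's condition is met only in "dev" mode.
    return "exposed" if environment_type(dotenv_text) == "dev" else "affected-version"


if __name__ == "__main__":
    print(assess(SAMPLE_LOCK, SAMPLE_ENV))
```

A result of `affected-version` means the package should still be upgraded to 5.3.8, since the mode can also be set outside `.env`.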

References

Published to the GitHub Advisory Database Jan 23, 2025
Reviewed Jan 23, 2025
Last updated Jan 23, 2025

Severity

Low

EPSS score

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-74j9-xhqr-6qv3