GHSA-vvxf-r4vm-2vm6: Reflected XSS in querystring parameters
An attacker could inject an XSS payload into a Silverstripe CMS response by carefully crafting a return URL on a /dev/build or /Security/login request.
To exploit this vulnerability, an attacker would need to convince a user to follow a link with a malicious payload.
This will only affect projects configured to output PHP warnings to the browser. By default, Silverstripe CMS will only output PHP warnings if your SS_ENVIRONMENT_TYPE environment variable is set to dev. Production sites should always set SS_ENVIRONMENT_TYPE to live.
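As an added check (example code, not from the advisory or the Silverstripe project), the script below reads a project's composer.lock and .env and reports whether both conditions the advisory names hold: a silverstripe/framework version in the affected range, and SS_ENVIRONMENT_TYPE set to dev. It assumes the default behaviour described above, where only the dev environment type sends PHP warnings to the browser; the sample inputs are constructed.

```python
"""Report whether a Silverstripe project is exposed to CVE-2022-38462.

Exposure needs both conditions from the advisory: silverstripe/framework
>= 4.0.0 and < 4.11.13, and PHP warnings shown in the browser, which the
default configuration does only when SS_ENVIRONMENT_TYPE is "dev".
"""
import json
import re

AFFECTED_MIN = (4, 0, 0)   # first affected version (from the advisory)
PATCHED = (4, 11, 13)      # first patched version (from the advisory)


def parse_version(text):
    """Turn '4.11.12' or 'v4.11.12' into a comparable tuple."""
    return tuple(int(p) for p in text.lstrip("v").split(".")[:3])


def framework_version(lock_text):
    """Installed silverstripe/framework version from composer.lock, or None."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []):
        if pkg.get("name") == "silverstripe/framework":
            return parse_version(pkg["version"])
    return None


def environment_type(dotenv_text):
    """Value of SS_ENVIRONMENT_TYPE in a .env file (quoted or bare), or None."""
    m = re.search(r'^\s*SS_ENVIRONMENT_TYPE\s*=\s*["\']?(\w+)["\']?', dotenv_text, re.M)
    return m.group(1).lower() if m else None


def assess(lock_text, dotenv_text):
    """Combine the version check and the environment check into one verdict."""
    version = framework_version(lock_text)
    vulnerable_version = version is not None and AFFECTED_MIN <= version < PATCHED
    # Assumption: default error display, so only "dev" puts warnings in responses.
    warnings_to_browser = environment_type(dotenv_text) == "dev"
    return {
        "version": version,
        "vulnerable_version": vulnerable_version,
        "warnings_to_browser": warnings_to_browser,
        "exposed": vulnerable_version and warnings_to_browser,
    }


# Constructed sample inputs, not taken from a real project.
SAMPLE_LOCK = json.dumps({"packages": [{"name": "silverstripe/framework", "version": "4.11.12"}]})
DEV_ENV = 'SS_ENVIRONMENT_TYPE="dev"\nSS_DATABASE_CLASS="MySQLDatabase"\n'
LIVE_ENV = 'SS_ENVIRONMENT_TYPE="live"\n'

if __name__ == "__main__":
    for label, env in (("dev", DEV_ENV), ("live", LIVE_ENV)):
        print(label, assess(SAMPLE_LOCK, env))
```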
Reflected XSS in querystring parameters
Moderate severity GitHub Reviewed Published Nov 21, 2022 • Updated Nov 21, 2022
Package
composer silverstripe/framework (Composer)
Affected versions
>= 4.0.0, < 4.11.13
Patched versions
4.11.13
References
- https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2022-38462.yaml
- https://www.silverstripe.org/download/security-releases/cve-2022-38462
Severity
Moderate
Weaknesses
No CWEs
CVE ID
CVE-2022-38462
GHSA ID
GHSA-vvxf-r4vm-2vm6
Source code
No known source code