Description

Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could add send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it. The server-side sanitisation logic has been updated to sanitise against this type of attack in version 5.2.16. All users are advised to upgrade. There are no known workarounds for this vulnerability.

INFO

Published Date :

2024-07-17T19:36:00.563Z

Last Modified :

2024-08-02T02:27:53.196Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-32981 vulnerability.

Vendors Products
Silverstripe
  • Framework
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-32981.

URL Resource
https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1 cve-icon cve-icon cve-icon
https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg cve-icon cve-icon cve-icon
https://www.silverstripe.org/download/security-releases/cve-2024-32981 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact