Description

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitized on the client-side, but server-side sanitization doesn't catch it. The server-side sanitization logic has been updated to sanitize against this attack. This vulnerability is fixed in 5.3.23.

INFO

Published Date :

2025-04-10T13:02:22.415Z

Last Modified :

2025-04-10T13:34:14.930Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-30148 vulnerability.

Vendors Products
Silverstripe
  • Framework
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-30148.

URL Resource
https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358 cve-icon cve-icon
https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387 cve-icon cve-icon
https://www.silverstripe.org/download/security-releases/cve-2025-30148 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact