Cross-Site Scripting Vulnerability in Silverstripe Framework by Silverstripe
CVE-2024-53277

5.4 MEDIUM

Key Information:

Vendor: Silverstripe
CVE Published: 14 January 2025

What is CVE-2024-53277?

The Silverstripe Framework (the base of the Silverstripe CMS) lets form messages contain HTML markup on purpose, so that a message can carry a link or similar content. In the affected versions, some of these messages were built from user-supplied input that was not sanitised before the message was rendered as HTML, which allows Cross-Site Scripting (XSS): the injected script runs in the browser of whoever the message is shown to, in the origin of the site. The issue is fixed in silverstripe-framework 5.3.8. There is no known workaround, so upgrade to 5.3.8 or later; the installed version can be checked with composer show silverstripe/framework.
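The following is an added, framework-free PHP example and not Silverstripe's own code. It models the mechanism described above: a form message is stored with a "cast" saying whether it is plain text (escaped on output) or trusted HTML (rendered as-is), and the bug class is an HTML-cast message assembled from raw user input. The CAST_TEXT/CAST_HTML constants, the message array shape and the /Security/lostpassword link are assumptions made for illustration.

```php
<?php
// Added example, not Silverstripe's own code. It models the mechanism the
// advisory describes: a form message is stored together with a "cast" that
// says whether it is plain text (escaped on output) or trusted HTML (rendered
// as-is). The bug class is building an HTML-cast message out of raw user input.
declare(strict_types=1);

// Assumed cast names for this example.
const CAST_TEXT = 'text';
const CAST_HTML = 'html';

// Escape for an HTML text/attribute context. ENT_QUOTES also neutralises quotes
// so the value is safe inside double- or single-quoted attributes; ENT_SUBSTITUTE
// replaces invalid UTF-8 instead of returning an empty string.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Render a message for the template: text-cast messages are escaped whole,
// HTML-cast messages are trusted and emitted unchanged.
function renderMessage(array $message): string
{
    return $message['cast'] === CAST_HTML
        ? $message['text']
        : escapeHtml($message['text']);
}

// Vulnerable pattern: the message needs a link, so it is cast as HTML, but the
// user-controlled field value is concatenated in without escaping.
function vulnerableMessage(string $submittedName): array
{
    return [
        'text' => 'The name "' . $submittedName . '" is already taken. '
                . '<a href="/Security/lostpassword">Recover your account</a>',
        'cast' => CAST_HTML,
    ];
}

// Hardened pattern: the static markup stays trusted, but every dynamic piece
// is escaped before it is spliced into the HTML-cast message.
function safeMessage(string $submittedName): array
{
    return [
        'text' => 'The name "' . escapeHtml($submittedName) . '" is already taken. '
                . '<a href="/Security/lostpassword">Recover your account</a>',
        'cast' => CAST_HTML,
    ];
}

// Constructed attacker input: a field value that is harmless as text but
// executes if it reaches the page as markup.
$payload = '<img src=x onerror="alert(document.cookie)">';

$vulnerable = renderMessage(vulnerableMessage($payload));
$safe       = renderMessage(safeMessage($payload));

echo "vulnerable: $vulnerable\n";
echo "safe:       $safe\n";

// Checks a regression test would make: the payload must not survive as markup
// in the fixed output, while the intentional link must.
if (!str_contains($vulnerable, $payload)) {
    throw new RuntimeException('expected the vulnerable path to echo the raw payload');
}
if (str_contains($safe, $payload)) {
    throw new RuntimeException('escaped message still contains the raw payload');
}
if (!str_contains($safe, '<a href="/Security/lostpassword">')) {
    throw new RuntimeException('intentional markup was lost');
}
echo "checks passed\n";
```

Run it with the php CLI (PHP 8 or later, for str_contains). The design point is that "this message may contain HTML" must never be read as "this message may contain unescaped user input": keep messages cast as text unless markup is genuinely needed, and when it is, escape each interpolated value individually before concatenating it with the trusted markup.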

Affected Version(s)

silverstripe-framework < 5.3.8

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Note: the metric values listed here do not reproduce the 5.4 base score (under CVSS v3.1 they compute to 6.3), so at least one of them is misreported on this page; confirm the vector against the vendor advisory or the NVD entry before relying on it.

Timeline

  • Vulnerability published: 14 January 2025