GHSA-r97r-64vp-fghm: Silverstripe XSS vulnerability via VirtualPage

May 22, 2024

A cross-site scripting vulnerability has been discovered in the VirtualPage class.

This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the textfields of a page which a VirtualPage refers to.

This has been resolved by ensuring that VirtualPage safely escapes all field content.

References

github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/SS-2015-005-1.yaml
github.com/advisories/GHSA-r97r-64vp-fghm
github.com/silverstripe/silverstripe-cms
www.silverstripe.org/software/download/security-releases/ss-2015-005

Detect and mitigate GHSA-r97r-64vp-fghm with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →