CVE-2021-27938: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

March 24, 2021

A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL.

References

Detect and mitigate CVE-2021-27938 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions starting from 3.0.0 before 3.0.2, all versions starting from 3.1.0 before 3.1.4, all versions starting from 4.0.0 before 4.0.7, all versions starting from 4.1.0 before 4.1.2, all versions starting from 4.2.0 before 4.2.4, all versions starting from 4.3.0 before 4.3.3, all versions starting from 4.4.0 before 4.4.3, all versions starting from 4.5.0 before 4.5.1, all versions starting from 4.6.0 before 4.6.4