GHSA-9cx2-hj6m-fv58

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-9cx2-hj6m-fv58/GHSA-9cx2-hj6m-fv58.json
Aliases
  • CVE-2022-38724
Published
2022-11-21T23:58:20Z
Modified
2022-11-23T01:25:50.261592Z
Details

A malicious content author could add arbitrary attributes to HTML editor shortcodes which could be used to inject a JavaScript payload on the front end of the site. The shortcode providers that ship with Silverstripe CMS have been reviewed and attribute whitelists have been implemented where appropriate to negate this risk.

References

Affected packages

Packagist / silverstripe/assets

silverstripe/assets

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
1.11.1

Affected versions

1.*

1.0.0
1.0.1
1.0.1-rc1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.1.0
1.1.0-rc1
1.1.0-rc2
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.10.0
1.10.0-beta1
1.10.0-rc1
1.10.1
1.11.0
1.11.0-beta1
1.11.0-rc1
1.2.0
1.2.0-beta1
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.3.0
1.3.0-rc1
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.4.0
1.4.0-rc1
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.5.0
1.5.0-alpha1
1.5.0-rc1
1.5.0-rc2
1.5.1
1.5.2
1.5.3
1.6.0
1.6.0-beta1
1.6.0-rc1
1.6.1
1.7.0
1.7.0-beta1
1.7.0-rc1
1.7.1
1.8.0
1.8.0-beta1
1.8.0-rc1
1.9.0
1.9.0-alpha1
1.9.0-beta1
1.9.0-rc1

Packagist / silverstripe/framework

silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.11.13

Affected versions

4.*

4.0.0
4.0.1
4.0.1-rc1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.1.0
4.1.0-rc1
4.1.0-rc2
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.10.0
4.10.0-beta1
4.10.0-rc1
4.10.1
4.10.10
4.10.11
4.10.2
4.10.3
4.10.4
4.10.5
4.10.6
4.10.7
4.10.8
4.10.9
4.11.0
4.11.0-beta1
4.11.0-beta2
4.11.0-beta3
4.11.0-rc1
4.11.1
4.11.10
4.11.11
4.11.12
4.11.2
4.11.3
4.11.4
4.11.5
4.11.6
4.11.7
4.11.8
4.11.9
4.2.0
4.2.0-beta1
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.3.0
4.3.0-rc1
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.4.0
4.4.0-rc1
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.5.0
4.5.0-alpha1
4.5.0-rc1
4.5.0-rc2
4.5.1
4.5.2
4.5.3
4.5.4
4.6.0
4.6.0-beta1
4.6.0-rc1
4.6.1
4.6.2
4.7.0
4.7.0-beta1
4.7.0-rc1
4.7.1
4.7.2
4.7.3
4.7.4
4.8.0
4.8.0-beta1
4.8.0-rc1
4.8.1
4.9.0
4.9.0-alpha1
4.9.0-beta1
4.9.0-rc1
4.9.1
4.9.2
4.9.3
4.9.4