GHSA-chx7-9x8h-r5mg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-chx7-9x8h-r5mg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-chx7-9x8h-r5mg/GHSA-chx7-9x8h-r5mg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-chx7-9x8h-r5mg
- Aliases
- Published
- 2024-07-17T14:27:37Z
- Modified
- 2025-09-04T16:13:17.004363Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
- Summary
- Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload
- Details
-
Impact
A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.
The server-side sanitisation logic has been updated to sanitise against this type of attack.
References
- https://www.silverstripe.org/download/security-releases/cve-2024-32981
- Database specific
{ "severity": "MODERATE", "cwe_ids": [ "CWE-79" ], "github_reviewed": true, "nvd_published_at": "2024-07-17T20:15:05Z", "github_reviewed_at": "2024-07-17T14:27:37Z" }- References
-
- https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg
- https://nvd.nist.gov/vuln/detail/CVE-2024-32981
- https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1
- https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml
- https://github.com/silverstripe/silverstripe-framework
- https://www.silverstripe.org/download/security-releases/cve-2024-32981
Affected packages
Packagist / silverstripe/framework
Package
- Name
- silverstripe/framework
- Purl
- pkg:composer/silverstripe/framework
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.2.16
Affected versions
2.*
2.4.9
2.4.10
2.4.11
2.4.12
2.4.13
2.5.0
3.*
3.0.2.1
3.0.3-rc1
3.0.3-rc2
3.0.3
3.0.4
3.0.5
3.0.6-rc1
3.0.6-rc2
3.0.6
3.0.7-rc1
3.0.7
3.0.8
3.0.9-rc1
3.0.9
3.0.10-rc1
3.0.10
3.0.11-rc1
3.0.11
3.0.12
3.0.13
3.0.14
3.1.0-beta1
3.1.0-beta2
3.1.0-beta3
3.1.0-rc1
3.1.0-rc2
3.1.0-rc3
3.1.0
3.1.1
3.1.2-rc1
3.1.2
3.1.3-rc1
3.1.3-rc2
3.1.3
3.1.4-rc1
3.1.4
3.1.5-rc1
3.1.5
3.1.6-rc1
3.1.6-rc2
3.1.6-rc3
3.1.6
3.1.7-rc1
3.1.7
3.1.8
3.1.9-rc1
3.1.9
3.1.10-rc1
3.1.10-rc2
3.1.10
3.1.11-rc1
3.1.11
3.1.12
3.1.13-rc1
3.1.13
3.1.14-rc1
3.1.14
3.1.15
3.1.16-rc1
3.1.16
3.1.17-rc1
3.1.17-rc2
3.1.17
3.1.18-rc1
3.1.18-rc2
3.1.18
3.1.19-rc1
3.1.19
3.1.20-rc1
3.1.20-rc2
3.1.20
3.1.21
3.2.0-beta1
3.2.0-beta2
3.2.0-rc1
3.2.0-rc2
3.2.0
3.2.1-rc1
3.2.1-rc2
3.2.1
3.2.2-rc1
3.2.2-rc2
3.2.2
3.2.3-rc1
3.2.3-rc2
3.2.3
3.2.4-rc1
3.2.4
3.2.5-rc1
3.2.5-rc2
3.2.5
3.2.6
3.3.0-beta1
3.3.0-rc1
3.3.0-rc2
3.3.0-rc3
3.3.0
3.3.1-rc1
3.3.1-rc2
3.3.1
3.3.2-rc1
3.3.2
3.3.3-rc1
3.3.3-rc2
3.3.3
3.3.4
3.4.0-rc1
3.4.0
3.4.1-rc1
3.4.1-rc2
3.4.1
3.4.2
3.4.3-rc1
3.4.3
3.4.4-rc1
3.4.4
3.4.5-rc1
3.4.5
3.4.6-rc1
3.4.6-rc2
3.4.6
3.5.0-rc1
3.5.0-rc2
3.5.0-rc3
3.5.0
3.5.1-rc1
3.5.1-rc2
3.5.1
3.5.2-rc1
3.5.2
3.5.3-rc1
3.5.3
3.5.4-rc1
3.5.4
3.5.5-beta1
3.5.5-beta2
3.5.5
3.5.6-rc1
3.5.6
3.5.7
3.5.8-rc1
3.5.8
3.6.0-beta1
3.6.0-beta2
3.6.0-rc1
3.6.0
3.6.1-alpha2
3.6.1
3.6.2-beta1
3.6.2-beta2
3.6.2
3.6.3-rc2
3.6.3
3.6.4
3.6.5
3.6.6-rc1
3.6.6
3.6.7
3.6.8
3.7.0
3.7.1-rc1
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.7.6
3.7.7
4.*
4.0.0-alpha1
4.0.0-alpha2
4.0.0-alpha3
4.0.0-alpha4
4.0.0-alpha5
4.0.0-alpha6
4.0.0-alpha7
4.0.0-beta1
4.0.0-beta2
4.0.0-beta3
4.0.0-beta4
4.0.0-rc1
4.0.0-rc2
4.0.0-rc3
4.0.0
4.0.1-rc1
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.1.0-rc1
4.1.0-rc2
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.2.0-beta1
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.3.0-rc1
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.4.0-rc1
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.5.0-alpha1
4.5.0-rc1
4.5.0-rc2
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.6.0-beta1
4.6.0-rc1
4.6.0
4.6.1
4.6.2
4.7.0-beta1
4.7.0-rc1
4.7.0
4.7.1
4.7.2
4.7.3
4.7.4
4.8.0-beta1
4.8.0-rc1
4.8.0
4.8.1
4.9.0-alpha1
4.9.0-beta1
4.9.0-rc1
4.9.0
4.9.1
4.9.2
4.9.3
4.9.4
4.10.0-beta1
4.10.0-rc1
4.10.0
4.10.1
4.10.2
4.10.3
4.10.4
4.10.5
4.10.6
4.10.7
4.10.8
4.10.9
4.10.10
4.10.11
4.11.0-beta1
4.11.0-beta2
4.11.0-beta3
4.11.0-rc1
4.11.0
4.11.1
4.11.2
4.11.3
4.11.4
4.11.5
4.11.6
4.11.7
4.11.8
4.11.9
4.11.10
4.11.11
4.11.12
4.11.13
4.11.14
4.11.15
4.11.16
4.12.0-beta1
4.12.0-rc1
4.12.0
4.12.1
4.12.2
4.12.3
4.12.4
4.12.5
4.12.6
4.12.7
4.13.0-beta1
4.13.0-rc1
4.13.0
4.13.1
4.13.2
4.13.3
4.13.4
4.13.5
4.13.6
4.13.7
4.13.8
4.13.9
4.13.10
4.13.11
4.13.12
4.13.13
4.13.14
4.13.15
4.13.16
4.13.17
4.13.18
4.13.19
4.13.20
4.13.21
4.13.22
4.13.23
4.13.24
4.13.25
4.13.26
4.13.27
4.13.28
4.13.29
4.13.30
4.13.31
4.13.32
4.13.33
4.13.34
4.13.35
4.13.36
4.13.37
4.13.38
4.13.39
4.13.40
4.13.41
4.13.42
4.13.43
4.13.44
5.*
5.0.0-alpha1
5.0.0-beta1
5.0.0-beta2
5.0.0-beta3
5.0.0-rc1
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.0.10
5.0.11
5.0.12
5.0.13
5.0.14
5.0.15
5.0.16
5.0.17
5.0.18
5.0.19
5.0.20
5.0.21
5.0.22
5.0.23
5.1.0-beta1
5.1.0-rc1
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6
5.1.7
5.1.8
5.1.9
5.1.10
5.1.11
5.1.12
5.1.13
5.1.14
5.1.15
5.1.16
5.1.17
5.1.18
5.1.19
5.1.20
5.1.21
5.1.22
5.1.23
5.2.0-beta1
5.2.0-rc1
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6
5.2.7
5.2.8
5.2.9
5.2.10
5.2.11
5.2.12
5.2.13
5.2.14
5.2.15