GHSA-j696-6m57-mcrv

Source

https://github.com/advisories/GHSA-j696-6m57-mcrv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j696-6m57-mcrv/GHSA-j696-6m57-mcrv.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-j696-6m57-mcrv

Aliases

CVE-2017-14498

Published

2022-05-17T00:29:00Z

Modified

2024-02-16T08:11:00.517651Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Silverstripe CMS XSS Vulnerability

Details

SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017.

Database specific

{
    "nvd_published_at": "2017-09-15T18:29:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-27T00:42:17Z"
}

References

Affected packages

Packagist / silverstripe/cms

Package

Name: silverstripe/cms
Purl: pkg:composer/silverstripe/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.1

Affected versions

2.*

2.4.9

2.4.10

2.4.11

2.4.12

2.4.13

2.5.0

3.*

3.0.2.1

3.0.3-rc1

3.0.3-rc2

3.0.3

3.0.4

3.0.5

3.0.6-rc1

3.0.6-rc2

3.0.6

3.0.7-rc1

3.0.7

3.0.8

3.0.9-rc1

3.0.9

3.0.10-rc1

3.0.10

3.0.11-rc1

3.0.11

3.0.12

3.0.13

3.0.14

3.1.0-beta1

3.1.0-beta2

3.1.0-beta3

3.1.0-rc1

3.1.0-rc2

3.1.0-rc3

3.1.0

3.1.1

3.1.2-rc1

3.1.2

3.1.3-rc1

3.1.3-rc2

3.1.3

3.1.4-rc1

3.1.4

3.1.5-rc1

3.1.5

3.1.6-rc1

3.1.6-rc2

3.1.6-rc3

3.1.6

3.1.7-rc1

3.1.7

3.1.8

3.1.9-rc1

3.1.9

3.1.10-rc1

3.1.10-rc2

3.1.10

3.1.11-rc1

3.1.11

3.1.12

3.1.13-rc1

3.1.13

3.1.14-rc1

3.1.14

3.1.15

3.1.16-rc1

3.1.16

3.1.17-rc1

3.1.17-rc2

3.1.17

3.1.18-rc1

3.1.18-rc2

3.1.18

3.1.19-rc1

3.1.19

3.1.20-rc1

3.1.20-rc2

3.1.20

3.1.21

3.2.0-beta1

3.2.0-beta2

3.2.0-rc1

3.2.0-rc2

3.2.0

3.2.1-rc1

3.2.1-rc2

3.2.1

3.2.2-rc1

3.2.2-rc2

3.2.2

3.2.3-rc1

3.2.3-rc2

3.2.3

3.2.4-rc1

3.2.4

3.2.5-rc1

3.2.5-rc2

3.2.5

3.2.6

3.3.0-beta1

3.3.0-rc1

3.3.0-rc2

3.3.0-rc3

3.3.0

3.3.1-rc1

3.3.1-rc2

3.3.1

3.3.2-rc1

3.3.2

3.3.3-rc1

3.3.3-rc2

3.3.3

3.3.4

3.4.0-rc1

3.4.0

3.4.1-rc1

3.4.1-rc2

3.4.1

3.4.2

3.4.3-rc1

3.4.3

3.4.4-rc1

3.4.4

3.4.5-rc1

3.4.5

3.4.6-rc1

3.4.6-rc2

3.4.6

3.5.0-rc1

3.5.0-rc2

3.5.0-rc3

3.5.0

3.5.1-rc1

3.5.1-rc2

3.5.1

3.5.2-rc1

3.5.2

3.5.3-rc1

3.5.3

3.5.4-rc1

3.5.4

3.5.5-beta1

3.5.5-beta2

3.5.5

3.5.6-rc1

3.5.6

3.5.7

3.5.8-rc1

3.5.8

3.6.0-beta1

3.6.0-beta2

3.6.0-rc1

3.6.0

3.6.1-alpha1

3.6.1-alpha2