GHSA-j982-5jv7-v43r

Suggest an improvement
Source
https://github.com/advisories/GHSA-j982-5jv7-v43r
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-j982-5jv7-v43r/GHSA-j982-5jv7-v43r.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-j982-5jv7-v43r
Published
2024-05-23T18:07:48Z
Modified
2024-11-28T05:26:01.975324Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Silverstripe Form field validation message XSS vulnerability
Details

A high level XSS risk has been identified in the encoding of validation messages in certain FormField classes.

Certain fields such as the NumericField and DropdownField have been identified, but any form field which presents any invalid content as a part of its validation response will be at risk.

Database specific 
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-23T18:07:48Z"
}
References

Affected packages

Packagist / silverstripe/framework

Package

Name
silverstripe/framework
Purl
pkg:composer/silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.1.16

Affected versions

3.*

3.0.2.1
3.0.3-rc1
3.0.3-rc2
3.0.3
3.0.4
3.0.5
3.0.6-rc1
3.0.6-rc2
3.0.6
3.0.7-rc1
3.0.7
3.0.8
3.0.9-rc1
3.0.9
3.0.10-rc1
3.0.10
3.0.11-rc1
3.0.11
3.0.12
3.0.13
3.0.14
3.1.0-beta1
3.1.0-beta2
3.1.0-beta3
3.1.0-rc1
3.1.0-rc2
3.1.0-rc3
3.1.0
3.1.1
3.1.2-rc1
3.1.2
3.1.3-rc1
3.1.3-rc2
3.1.3
3.1.4-rc1
3.1.4
3.1.5-rc1
3.1.5
3.1.6-rc1
3.1.6-rc2
3.1.6-rc3
3.1.6
3.1.7-rc1
3.1.7
3.1.8
3.1.9-rc1
3.1.9
3.1.10-rc1
3.1.10-rc2
3.1.10
3.1.11-rc1
3.1.11
3.1.12
3.1.13-rc1
3.1.13
3.1.14-rc1
3.1.14
3.1.15
3.1.16-rc1

Packagist / silverstripe/framework

Package

Name
silverstripe/framework
Purl
pkg:composer/silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.2.0
Fixed
3.2.1

Affected versions

3.*

3.2.0
3.2.1-rc1
3.2.1-rc2