An attacker could inject a XSS payload in a Silverstripe CMS response by carefully crafting a return URL on a /dev/build or /Security/login request.
To exploit this vulnerability, an attacker would need to convince a user to follow a link with a malicious payload.
This will only affect projects configured to output PHP warnings to the browser. By default, Silverstripe CMS will only output PHP warnings if your SSENVIRONMENTTYPE environment variable is set to dev. Production sites should always set SSENVIRONMENTTYPE to live.