
SilverStripe < 2.3.5 Cross-site Scripting Vulnerability

High

Synopsis

The remote web server is hosting an application that is vulnerable to a cross-site scripting attack.

Description

The remote web server is hosting SilverStripe CMS. The installed version of SilverStripe is earlier than 2.3.5. Such versions are potentially affected by a persistent cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input to the 'CommenterURL' parameter in the comment posting mechanism. An attacker could exploit this flaw to execute arbitrary script code in a user's browser.

Solution

Upgrade to SilverStripe 2.3.5 or later.