CVE-2017-5197

There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element.
References
Link Resource
http://www.securityfocus.com/bid/96572 Third Party Advisory VDB Entry
https://www.silverstripe.org/download/security-releases/ Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:3.5.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-03-06 06:59

Updated : 2024-02-04 19:11


NVD link : CVE-2017-5197

Mitre link : CVE-2017-5197

CVE.ORG link : CVE-2017-5197


JSON object : View

Products Affected

silverstripe

  • silverstripe
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')