← Back to CVE List

CVE-2024-32981

Published: 2024-07-17T20:15Z
Last Modified: 2024-11-21T09:16Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could add send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it. The server-side sanitisation logic has been updated to sanitise against this type of attack in version 5.2.16. All users are advised to upgrade. There are no known workarounds for this vulnerability. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt