SS-2017-001: XSS In page name

January 31, 2017

SilverStripe is vulnerable to XSS via the page name. For instance, page name "><svg/onload=alert(/xss/)> will trigger an XSS alert.

References

github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d
www.silverstripe.org/download/security-releases/ss-2017-001/

Code Behaviors & Features

Detect and mitigate SS-2017-001 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →