
CVE-2022-38462 Reflected XSS in querystring parameters

Severity: Medium
Identifier: CVE-2022-38462
Versions Affected: silverstripe/framework: ^3.0.0, ^4.0.0
Versions Fixed: silverstripe/framework: 4.11.13
Release Date: 2022-11-21

An attacker could inject an XSS payload into a Silverstripe CMS response by carefully crafting a return URL on a /dev/build or /Security/login request.

To exploit this vulnerability, an attacker would need to convince a user to follow a link with a malicious payload.

This will only affect projects configured to output PHP warnings to the browser. By default, Silverstripe CMS will only output PHP warnings if your SS_ENVIRONMENT_TYPE environment variable is set to dev. Production sites should always set SS_ENVIRONMENT_TYPE to live.
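As an added example (not Silverstripe's own code), the following detection pass scans web-server access logs for requests to the two endpoints named above whose query values carry markup or script fragments, which is what a crafted return URL would look like in the logs of a site left in dev mode. The parameter names, IP addresses and log lines are constructed for illustration.

```python
"""Flag crafted return URLs aimed at the endpoints from CVE-2022-38462.
Added example for log review; not part of Silverstripe CMS."""
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Endpoints named in the advisory. The advisory does not name the
# return-URL parameter, so every query value is inspected, not one name.
AFFECTED_PATHS = ("/dev/build", "/Security/login")

# Markup or script fragments that have no business in a return URL.
SUSPICIOUS = re.compile(r"<|>|javascript:|on\w+\s*=", re.IGNORECASE)

# Request target inside a combined-log-format line: "GET /path?q=1 HTTP/1.1".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(target: str):
    """Return (param, decoded value) pairs that look like injected markup."""
    parts = urlsplit(target)
    if not parts.path.startswith(AFFECTED_PATHS):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = unquote(unquote(value))  # also undo double encoding
        if SUSPICIOUS.search(decoded):
            hits.append((name, decoded))
    return hits


def scan_log(lines):
    """Return (line_no, path, param, decoded value) for each suspicious request."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        for name, value in suspicious_params(m.group(1)):
            findings.append((no, urlsplit(m.group(1)).path, name, value))
    return findings


# Constructed sample lines, not real traffic; parameter names are made up.
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Nov/2022:10:00:01 +0000] "GET /Security/login?BackURL=%2Fadmin HTTP/1.1" 200 1234',
    '203.0.113.9 - - [21/Nov/2022:10:00:02 +0000] "GET /Security/login?BackURL=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 1234',
    '203.0.113.9 - - [21/Nov/2022:10:00:03 +0000] "GET /dev/build?returnURL=%253Cimg%20src%3Dx%20onerror%3Dalert(1)%253E HTTP/1.1" 200 4321',
    '198.51.100.2 - - [21/Nov/2022:10:00:04 +0000] "GET /about-us?q=%3Cb%3E HTTP/1.1" 200 99',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print("line %d %s param=%s value=%r" % finding)
```

A hit on a production host is worth a second look at SS_ENVIRONMENT_TYPE as well, since the reflection only reaches the browser when PHP warnings are displayed.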

Read the Environment management documentation for more details on configuring environment variables.

Most projects should be able to apply the patch without further work. There's no legitimate use case for this behaviour.

Regression testing should focus on areas where the Location header is used to redirect users.

Base CVSS: 4.2

Reported by: TF1T via huntr.dev