Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

CVE-2023-22729 - Open redirect vulnerability on CMSSecurity relogin screen

Medium (?)
Versions Affected:
silverstripe/framework: ^4.0.0
Versions Fixed:
silverstripe/framework: 4.12.5, 4.13.0
Release Date:

An attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link.

Base CVSS: 4.3

Reported by: Matthew Dekker