CVE-2024-32981 XSS Vulnerability with text/html base64-encoded payload
- Severity: Medium
- Identifier: CVE-2024-32981
- Versions Affected: silverstripe/framework: <5.2.16
- Versions Fixed: silverstripe/framework: 5.2.16
- Release Date: 2024-07-17
A CMS user logged in with regular permissions could insert a specially crafted XSS payload into a field in the CMS. The payload could then be executed either in the CMS or on the front-end of the website.
Base CVSS: 5.4
Reported by: Jack Wallace from Bastion Security