Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

CVE-2024-32981 XSS Vulnerability with text/html base64-encoded payload

Severity:
Medium (?)
Identifier:
CVE-2024-32981
Versions Affected:
silverstripe/framework: <5.2.16
Versions Fixed:
silverstripe/framework: 5.2.16
Release Date:
2024-07-17

A specially crafted XSS payload could be inserted into a field in the CMS when logged in as a CMS user with regular permissions. This XSS could be executed either in the CMS or on the front-end of the website.

Base CVSS: 5.4
Reported by: Jack Wallace from Bastion Security

References