Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, a bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitized on the client side, but server-side sanitization doesn't catch it. The server-side sanitization logic has been updated to sanitize against this attack. This vulnerability is fixed in 5.3.23.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 04 Sep 2025 18:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Silverstripe; Silverstripe framework
CPEs | | cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:*
Vendors & Products | | Silverstripe; Silverstripe framework

Thu, 10 Apr 2025 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 10 Apr 2025 13:15:00 +0000

Type | Values Removed | Values Added
Description | | Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, a bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitized on the client side, but server-side sanitization doesn't catch it. The server-side sanitization logic has been updated to sanitize against this attack. This vulnerability is fixed in 5.3.23.
Title | | Silverstripe Framework has an XSS vulnerability in the HTML editor
Weaknesses | | CWE-79
References | |
Metrics | | cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-04-10T13:34:14.930Z

Reserved: 2025-03-17T12:41:42.565Z

Link: CVE-2025-30148

Vulnrichment

Updated: 2025-04-10T13:34:06.723Z

NVD

Status: Analyzed

Published: 2025-04-10T13:15:51.930

Modified: 2025-09-04T17:13:05.550

Link: CVE-2025-30148

Redhat

No data.

OpenCVE Enrichment

No data.