Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitized on the client-side, but server-side sanitization doesn't catch it. The server-side sanitization logic has been updated to sanitize against this attack. This vulnerability is fixed in 5.3.23.
Metrics
Affected Vendors & Products
References
History
Thu, 04 Sep 2025 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Silverstripe
Silverstripe framework |
|
CPEs | cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:* | |
Vendors & Products |
Silverstripe
Silverstripe framework |
Thu, 10 Apr 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 10 Apr 2025 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitized on the client-side, but server-side sanitization doesn't catch it. The server-side sanitization logic has been updated to sanitize against this attack. This vulnerability is fixed in 5.3.23. | |
Title | Silverstripe Framework has a XSS vulnerability in HTML editor | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-04-10T13:34:14.930Z
Reserved: 2025-03-17T12:41:42.565Z
Link: CVE-2025-30148

Updated: 2025-04-10T13:34:06.723Z

Status : Analyzed
Published: 2025-04-10T13:15:51.930
Modified: 2025-09-04T17:13:05.550
Link: CVE-2025-30148

No data.

No data.