PT-2023-22008 · Silverstripe · Silverstripe Form Capture

Tommcclymont

Publicado

2023-04-03

Atualizado

2023-04-12

CVE-2023-28851

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Silverstripe Form Capture versions 0.2.0 through 1.0.1 Silverstripe Form Capture versions 1.1.1 through 2.2.4 Silverstripe Form Capture versions 3.1.0

Description The issue arises from improper escaping when presenting stored form submissions, allowing an attacker to perform a Cross-Site Scripting attack.

Recommendations For versions 0.2.0 through 1.0.1, update to version 1.0.2 or later. For versions 1.1.1 through 2.2.4, update to version 2.2.5 or later. For version 3.1.0, update to version 3.1.1 or later.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-80CWE-79

Identificadores relacionados

CVE-2023-28851

GHSA-38H6-GMR2-J4WX

Produtos afetados

Silverstripe Form Capture

PT-2023-22008 · Silverstripe · Silverstripe Form Capture

CVE-2023-28851

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9