Silverstripe · Silverstripe/Framework · CVE-2024-32981
**Name of the Vulnerable Software and Affected Versions**
Silverstripe framework versions prior to 5.2.16
**Description**
An attacker with permission to edit content in the CMS could submit a specially crafted, encoded payload directly to the server. The server-side sanitiser does not catch the encoded form, so the payload is stored and later rendered on the front end of the site as executable JavaScript (a stored cross-site scripting issue). The client-side sanitiser in the CMS editor would strip the same payload, but that offers no protection: a user who can edit content can bypass the browser editor entirely and send the request with any HTTP client, so server-side sanitisation is the only control that counts.
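The pattern behind this class of bug is a server-side filter that inspects the raw submitted string while the browser interprets the decoded one. The following is an added illustration, not Silverstripe code and not the actual CVE-2024-32981 payload: it assumes a hypothetical naive filter that blanks `href` values starting with the literal text `javascript:`, and shows that an entity-encoded `&#106;avascript&#58;` (or one with an encoded tab inside the scheme) slips through, because the browser decodes character references in attribute values before it reads the URL. A parser-based allowlist sanitiser that decodes first and then checks the scheme rejects both forms. The sample fragments are constructed inline.

```python
"""Encoded-payload bypass of a string-matching server-side sanitiser.

Added example, not Silverstripe's code or the real advisory payload.
"""
import html
import re
from html.parser import HTMLParser

# Constructed sample inputs. The encoded forms are what a naive filter misses.
PLAIN_PAYLOAD = '<a href="javascript:alert(1)">click</a>'
ENCODED_PAYLOAD = '<a href="&#106;avascript&#58;alert(1)">click</a>'
TAB_PAYLOAD = '<a href="java&#9;script:alert(1)">click</a>'
BENIGN = '<a href="https://example.com/page">click</a>'

# Hypothetical allowlist: tag -> attributes that may survive.
ALLOWED_TAGS = {"a": {"href", "title"}, "p": set(), "b": set(), "i": set(),
                "em": set(), "strong": set(), "br": set()}
VOID_TAGS = {"br"}
SAFE_SCHEMES = {"http", "https", "mailto"}


def naive_sanitise(fragment: str) -> str:
    """Flawed filter: blanks href values whose *raw* text starts with
    'javascript:'. It never decodes character references, so an encoded
    payload passes untouched and is decoded later by the browser."""
    return re.sub(r'(href\s*=\s*")javascript:[^"]*"', r'\1"', fragment,
                  flags=re.IGNORECASE)


def url_is_safe(value: str) -> bool:
    """Check the scheme of an already entity-decoded URL against an allowlist.
    Browsers ignore ASCII whitespace and control characters inside the scheme,
    so strip them before looking at it."""
    cleaned = re.sub(r"[\x00-\x20]", "", value)
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    if m is None:
        return True  # no scheme: relative URL
    return m.group(1).lower() in SAFE_SCHEMES


class _AllowlistSanitiser(HTMLParser):
    """Rebuilds the fragment from parsed tokens. HTMLParser decodes character
    references in attribute values, so url_is_safe sees what the browser sees."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # drop the tag but keep its text
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_TAGS[tag]:
                continue
            value = value or ""
            if name == "href" and not url_is_safe(value):
                continue  # unsafe URL: drop the attribute, keep the link text
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))


def hardened_sanitise(fragment: str) -> str:
    """Parse, decode, allowlist, re-serialise."""
    p = _AllowlistSanitiser()
    p.feed(fragment)
    p.close()
    return "".join(p.out)


class _HrefCollector(HTMLParser):
    """Collects href values as a browser would decode them."""

    def __init__(self) -> None:
        super().__init__()
        self.hrefs: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.hrefs.extend(v or "" for k, v in attrs if k == "href")


def hrefs_as_browser_sees(fragment: str) -> list[str]:
    c = _HrefCollector()
    c.feed(fragment)
    c.close()
    return c.hrefs


if __name__ == "__main__":
    for payload in (PLAIN_PAYLOAD, ENCODED_PAYLOAD, TAB_PAYLOAD, BENIGN):
        print("naive   :", naive_sanitise(payload),
              "-> browser href:", hrefs_as_browser_sees(naive_sanitise(payload)))
        print("hardened:", hardened_sanitise(payload))
```

The point of the hardened version is not the specific allowlist but the ordering: decode (by parsing the way a browser does), then decide, then re-escape on output. Any filter that decides on the raw bytes can be beaten by whatever encoding the consumer decodes afterwards.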
**Recommendations**
For versions prior to 5.2.16, upgrade to version 5.2.16 or later to resolve the issue.
At the moment there is no known workaround other than upgrading. Until the upgrade is applied, treat the ability to edit CMS content as equivalent to the ability to run JavaScript in visitors' browsers, and restrict that permission accordingly.