Silverstripe · Silverstripe/Framework · CVE-2024-53277
**Name of the Vulnerable Software and Affected Versions**
Silverstripe Framework versions prior to 5.3.8
**Description**
The Silverstripe Framework is the PHP framework that powers Silverstripe CMS. It intentionally allows form messages to contain HTML markup, so that validation and status messages can carry links and other relevant content. However, some form messages embed user-provided content that is not correctly escaped before it is inserted into that markup, so an attacker who controls the embedded value can inject script into the rendered page (cross-site scripting, XSS). There are no known workarounds for this issue.
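The vulnerable pattern and its hardened form, as an added illustration that is not code from the Silverstripe project: a message that legitimately contains a link (the "intentional feature" above) concatenates a field value supplied by the user. The function names, the link target and the attacker payload are constructed for this example.

```php
<?php
// Added example, not Silverstripe's own code: an HTML-cast form message that
// embeds a user-supplied value, first unescaped, then escaped.

declare(strict_types=1);

/**
 * Vulnerable pattern. The message is meant to be HTML (it carries a help
 * link), but the user-supplied value is concatenated in without escaping,
 * so any markup in the value is rendered as markup.
 */
function buildMessageUnsafe(string $userValue): string
{
    return 'The value "' . $userValue . '" is not allowed. '
        . 'See <a href="/help/allowed-values">allowed values</a>.';
}

/**
 * Hardened pattern. Every untrusted fragment is escaped before it joins the
 * trusted markup. ENT_QUOTES covers both text and attribute contexts;
 * ENT_SUBSTITUTE keeps invalid UTF-8 from aborting the escape.
 */
function buildMessageSafe(string $userValue): string
{
    $escaped = htmlspecialchars($userValue, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return 'The value "' . $escaped . '" is not allowed. '
        . 'See <a href="/help/allowed-values">allowed values</a>.';
}

/**
 * Review check: does the untrusted value survive verbatim in the output?
 * If it does, any tag or event handler it contains is live in the browser.
 */
function containsLiveMarkup(string $html, string $untrusted): bool
{
    return str_contains($html, $untrusted);
}

// Constructed attacker input for the demonstration.
$payload = '<img src=x onerror=alert(document.cookie)>';

$unsafe = buildMessageUnsafe($payload);
$safe   = buildMessageSafe($payload);

printf("unsafe message keeps payload as markup: %s\n",
    containsLiveMarkup($unsafe, $payload) ? 'yes' : 'no');
printf("safe message keeps payload as markup:   %s\n",
    containsLiveMarkup($safe, $payload) ? 'yes' : 'no');
echo $safe, PHP_EOL;
```

In Silverstripe terms (stated from my reading of the framework API, not from this advisory), the same split applies to `ValidationResult::addError()` and `addFieldError()`: the default `CAST_TEXT` cast escapes the whole message, which is the safe choice whenever no markup is needed, while a message added with `CAST_HTML` is trusted as-is and must therefore have every user-derived fragment passed through `Convert::raw2xml()` before it is concatenated in.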
**Recommendations**
Upgrade Silverstripe Framework to version 5.3.8 or later. There is no known workaround, so the upgrade should not be deferred. Independently of the upgrade, audit any project code that builds its own HTML-cast form messages and make sure every user-supplied fragment is escaped before it is concatenated into the markup, since the same mistake in application code is not covered by the framework fix.