PT-2022-24417 · Silverstripe · Silverstripe/Framework

Published 2022-11-21 · Updated 2025-04-29 · CVE-2022-38462

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions 4.11 and earlier
Description: The issue allows an attacker to inject an XSS payload into a Silverstripe CMS response by carefully crafting a return URL on a "/dev/build" or "/Security/login" request. To exploit this, an attacker would need to convince a user to follow a link carrying the malicious payload. The vulnerability only affects projects configured to output PHP warnings to the browser, which is the case when the SS_ENVIRONMENT_TYPE environment variable is set to 'dev'. Production sites, which should have SS_ENVIRONMENT_TYPE set to 'live', are not affected in the same way.
Recommendations: For versions 4.11 and earlier, set the SS_ENVIRONMENT_TYPE environment variable to 'live' so that PHP warnings are not output to the browser, thereby minimizing the risk of exploitation. As a temporary workaround, restrict access to the "/dev/build" and "/Security/login" endpoints until a patch is available, and avoid exposing these endpoints in production environments until the issue is resolved.

XSS

Related Identifiers

CVE-2022-38462
GHSA-VVXF-R4VM-2VM6

Affected Products

Silverstripe/Framework