PT-2024-25029 · Silverstripe · Silverstripe/Framework

Jack Wallace · Published 2024-07-17 · Updated 2025-09-04 · CVE-2024-32981

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Silverstripe Framework, versions prior to 5.2.16

Description
A bad actor with access to edit content in the CMS could send a specifically crafted, encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The CMS editor's client-side sanitisation would strip the payload, but a request sent directly to the server bypasses that step, and the server-side sanitisation does not catch the encoded form.

Recommendations
For versions prior to 5.2.16, upgrade to version 5.2.16 or later to resolve the issue. At the moment, there is no information about other workarounds for this vulnerability. Note that exploitation requires an account with content-editing rights in the CMS (PR:L in the vector), so reviewing who holds that access limits exposure until the upgrade is applied.
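The failure mode the description names, a server-side check that inspects attribute text before the entity decoding the browser will perform, is illustrated below. This is an added example, not Silverstripe's sanitiser and not the payload from the advisory; the sample href values, the naiveHrefIsSafe/hardenedHrefIsSafe functions and the allow-list of schemes are constructed for the illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample href values, written exactly as they would appear inside the
// submitted markup (i.e. before any entity decoding). Only the last one is benign.
const HREF_SAMPLES = [
    'plain'   => 'javascript:alert(1)',
    'decimal' => '&#106;avascript:alert(1)',   // 'j' as a decimal entity
    'hex'     => '&#x6A;avascript:alert(1)',   // 'j' as a hex entity
    'named'   => 'javascript&colon;alert(1)',  // ':' as an HTML5 named entity
    'tabbed'  => "java\tscript:alert(1)",      // tab inside the scheme
    'benign'  => 'https://example.com/',
];

// Weak check (hypothetical): a deny-list regex over the raw, still-encoded text.
// The browser decodes entities and drops tabs/newlines before it resolves the
// scheme, so every sample except 'plain' passes this check.
function naiveHrefIsSafe(string $rawHref): bool
{
    return preg_match('/^\s*javascript:/i', $rawHref) !== 1;
}

// Hardened check (hypothetical): normalise the value the way a browser will,
// then allow-list the scheme instead of deny-listing javascript:.
function hardenedHrefIsSafe(string $rawHref): bool
{
    // 1. Decode numeric, hex and HTML5 named entities (&#106; &#x6A; &colon; ...).
    $value = html_entity_decode($rawHref, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // 2. Strip ASCII control characters and whitespace. Browsers only drop
    //    tab/newline and leading/trailing controls, so this is deliberately
    //    stricter than the URL parser rather than an exact model of it.
    $value = preg_replace('/[\x00-\x20]/', '', $value);
    // 3. No scheme at all means a relative URL, which is fine.
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $value, $m) !== 1) {
        return true;
    }
    // 4. Decide on the decoded scheme against an allow-list.
    return in_array(strtolower($m[1]), ['http', 'https', 'mailto', 'tel'], true);
}

// Run both checks over the samples: true means "allowed through".
function compareChecks(): array
{
    $out = [];
    foreach (HREF_SAMPLES as $label => $href) {
        $out[$label] = [
            'naive'    => naiveHrefIsSafe($href),
            'hardened' => hardenedHrefIsSafe($href),
        ];
    }
    return $out;
}

foreach (compareChecks() as $label => $r) {
    printf("%-8s naive=%-5s hardened=%s\n",
        $label, var_export($r['naive'], true), var_export($r['hardened'], true));
}
```

Running it shows the naive check rejecting only the 'plain' sample while the hardened check rejects everything except 'benign'. The design point is that the server must canonicalise to what the consumer (the browser) will actually see before deciding, and that an allow-list of schemes is robust against encodings a deny-list regex never anticipated.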

Weakness Enumeration

XSS

Related Identifiers

CVE-2024-32981
GHSA-chx7-9x8h-r5mg

Affected Products

Silverstripe/Framework