PT-2024-40041 · Silverstripe · Silverstripe/Framework

Published: 2024-05-23
Updated: 2024-05-23
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SilverStripe framework (affected versions not specified)
Description: A high-level XSS issue has been found in the SilverStripe framework. It affects how links with hash anchors (fragment links) are rewritten: the rewriteHashlinks option in SSViewer rewrites such links to include the current URL, but does so without proper escaping. As a result, unsafe values supplied through the query string can be injected as HTML into any page that renders such links. Given the nature of this issue, many SilverStripe sites are likely to be affected.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers: GHSA-34Q6-XQXH-GQ39

Affected Products: Silverstripe/Framework