PT-2024-40454 · Silverstripe · Silverstripe Cms

Published: 2024-05-27 · Updated: 2024-05-27

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Silverstripe CMS (affected versions not specified)

Description: The issue arises from the core template framework/templates/Includes/GridField_print.ss, which renders "Printed by $Member.Name". Member->getName() returns FirstName + Surname as a raw, unescaped string, and the template injects that string directly into the page. If the currently logged-in member's first name or surname contains HTML or script markup, the raw markup is printed into the output, which could lead to XSS.

Recommendations: For the affected versions, consider modifying the framework/templates/Includes/GridField_print.ss template so that the output of Member->getName() is HTML-escaped before it is rendered, preventing XSS injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
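The following PHP snippet is an added illustration of the mechanism described above and of the recommended fix; it is not Silverstripe's own code. It stands in for Member->getName() with a plain function and shows the "Printed by" footer built twice: once with the raw name interpolated into HTML (the advisory's issue) and once with the name escaped at the output boundary. The member names are constructed sample values.

```php
<?php
// Added illustration (not Silverstripe code): raw vs. escaped rendering of a
// member's name in a "Printed by ..." HTML footer.

declare(strict_types=1);

// Stand-in for Member->getName(): returns FirstName + Surname as a raw string,
// exactly as the advisory describes, with no escaping applied.
function memberName(string $firstName, string $surname): string
{
    return trim($firstName . ' ' . $surname);
}

// Vulnerable form: the raw name is concatenated straight into the markup,
// which is what "Printed by $Member.Name" does in the affected template.
function printedByUnsafe(string $firstName, string $surname): string
{
    return '<p>Printed by ' . memberName($firstName, $surname) . '</p>';
}

// Hardened form: HTML-escape the name where it enters the document.
// ENT_QUOTES covers both quote styles so the value is also safe inside attributes.
function printedBySafe(string $firstName, string $surname): string
{
    $escaped = htmlspecialchars(
        memberName($firstName, $surname),
        ENT_QUOTES | ENT_HTML5,
        'UTF-8'
    );
    return '<p>Printed by ' . $escaped . '</p>';
}

// Constructed sample input: a surname carrying markup, as a member-editable
// profile field could if it is never sanitised on output.
$first = 'Alice';
$last  = '<script>alert(1)</script>';

// The unsafe variant emits the <script> element verbatim; the safe variant
// emits it as &lt;script&gt;..., which the browser renders as literal text.
echo printedByUnsafe($first, $last), PHP_EOL;
echo printedBySafe($first, $last), PHP_EOL;
```

The point of the hardened variant is where the escaping happens: at the moment the value is written into HTML, not when it is stored, so every template that prints a member name is protected regardless of how the name was entered. Silverstripe templates also offer an `.XML` cast (`$Member.Name.XML`) that applies the same HTML escaping inside the template itself; confirm its behaviour against the framework version in use before relying on it.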

XSS


Weakness Enumeration

Related Identifiers

GHSA-R9VP-FP72-XGF7

Affected Products

Silverstripe Cms