PT-2025-2953 · Silverstripe · Silverstripe/Framework

Leo Diamat

·

Published

2025-01-14

·

Updated

2025-09-04

·

CVE-2024-53277

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Silverstripe Framework versions prior to 5.3.8

Description

The Silverstripe Framework, a PHP framework powering the Silverstripe CMS, has an intentional feature allowing form messages to contain HTML markup for links and other relevant content. However, some form messages include user-provided content that does not get correctly sanitized before being included, resulting in an XSS vulnerability. There are no known workarounds for this issue.

Recommendations

For Silverstripe Framework versions prior to 5.3.8, upgrade to version 5.3.8 to address the vulnerability. As a temporary workaround, consider restricting user input in form messages to minimize the risk of exploitation.
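The bug class in the description, shown as an added illustration that is not Silverstripe's code: a form message that legitimately carries a link, first built by concatenating a user-supplied value straight into the HTML, then with the user-provided fragments escaped so only the intended markup survives. The function names, the sample value and the help URL are assumptions.

```php
<?php
// Added example, not Silverstripe's own code. Assumptions: a form message is an
// HTML string assembled by the application, and $userValue comes from the request.

/**
 * Vulnerable pattern: the user-supplied value is concatenated straight into
 * the HTML message, so any markup inside it is rendered by the browser.
 */
function buildMessageVulnerable(string $userValue, string $helpUrl): string
{
    return 'The value "' . $userValue . '" is not valid. '
        . '<a href="' . $helpUrl . '">See the field guidelines</a>';
}

/**
 * Hardened pattern: the intentional markup (the link) is kept, but every
 * user-provided fragment is HTML-escaped before it is inserted, including
 * the attribute value, so the message can still carry a link safely.
 */
function buildMessageSafe(string $userValue, string $helpUrl): string
{
    $escapedValue = htmlspecialchars($userValue, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $escapedUrl   = htmlspecialchars($helpUrl, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return 'The value "' . $escapedValue . '" is not valid. '
        . '<a href="' . $escapedUrl . '">See the field guidelines</a>';
}

// Constructed sample input: a submitted value that happens to contain markup.
$submitted = '<b>not a real name</b>';
$help      = 'https://example.invalid/help';   // placeholder URL

// In the vulnerable message the <b> element reaches the browser as markup.
echo buildMessageVulnerable($submitted, $help), PHP_EOL;

// In the hardened message the angle brackets are escaped and the value is
// displayed as literal text, while the link markup is unchanged.
echo buildMessageSafe($submitted, $help), PHP_EOL;
```

The same distinction applies to any field value, label or error text that originates from the request: escape it at the point where it joins the HTML message, and reserve raw markup for strings the application itself controls.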

XSS

Related Identifiers

CVE-2024-53277
GHSA-FF6Q-3C9C-6CF5

Affected Products

Silverstripe/Framework