Silverstripe Framework Cross-Site Scripting Vulnerability in HTML Editor

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the Silverstripe Framework, which is used by Silverstripe CMS. This issue affects versions prior to 5.3.23. The vulnerability allows a user with content editing privileges to send a specially crafted encoded payload to the server. This payload could inject JavaScript into the front end of the site. While client-side sanitization removes the injected script, the server-side sanitization did not catch it. The server-side logic has been updated to address this vulnerability.

Impact

Exploitation of this vulnerability allows cross-site scripting: the injected JavaScript is executed in the context of the browser of a user viewing the affected front-end page.

Reproduction

To reproduce this vulnerability, a user must have access to edit content within the Silverstripe CMS. The user can then send a crafted payload that includes JavaScript, such as a link with a JavaScript URL, which is executed on the client side. In affected versions, server-side sanitization does not remove the injected script, so it executes in the browser of users viewing the content.
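The defect described in the Vulnerability and Reproduction sections, a server-side check that inspects the attribute text as stored while the browser decodes it first, can be illustrated with a small server-side link filter. This is an added example, not Silverstripe's code; the scheme allowlist, the function names and the sample hrefs are assumptions constructed for it.

```python
"""Server-side href scheme check that normalizes before deciding (constructed example)."""
import html
import re
from urllib.parse import urlsplit

# Assumption: schemes an editor-generated link may use; "" covers relative links.
ALLOWED_SCHEMES = {"", "http", "https", "mailto", "tel"}
# Matches the href attribute of an anchor tag and captures its quoted value.
HREF_RE = re.compile(r'(<a\b[^>]*?\bhref=)(["\'])(.*?)\2', re.IGNORECASE | re.DOTALL)


def naive_is_safe(raw_href: str) -> bool:
    """A check on the stored text only: it is bypassed by entity encoding."""
    return not raw_href.strip().lower().startswith("javascript:")


def normalize_href(raw_href: str) -> str:
    """Undo what a browser does before it reads the scheme: decode HTML entities,
    then drop ASCII control characters and whitespace embedded in the URL."""
    decoded = html.unescape(raw_href)
    return re.sub(r"[\x00-\x20\x7f]", "", decoded)


def href_is_safe(raw_href: str) -> bool:
    """Allowlist the scheme of the normalized URL instead of denylisting raw text."""
    scheme = urlsplit(normalize_href(raw_href)).scheme.lower()
    return scheme in ALLOWED_SCHEMES


def sanitize_links(fragment: str) -> str:
    """Neutralize the href of every anchor whose normalized scheme is not allowed."""
    def fix(m: re.Match) -> str:
        prefix, quote, value = m.groups()
        return m.group(0) if href_is_safe(value) else f"{prefix}{quote}#{quote}"
    return HREF_RE.sub(fix, fragment)


if __name__ == "__main__":
    # Constructed samples: an absolute link, a relative link, and an entity-encoded scheme.
    for href in ["https://example.com/", "/about?ref=a:b", "&#106;avascript:void(0)"]:
        print(f"{href!r:30} naive={naive_is_safe(href)!s:5} normalized={href_is_safe(href)}")
```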

Remediation

Users can upgrade to Silverstripe Framework version 5.3.23 or later, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 1.7
exploitability: 6.4
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.