Home
» GitHub Advisories
» GHSA-xgpf-p52j-pf7m
Description
A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL.
Basic information
Type
reviewed
Severity
medium
Advisory on GitHub
Open advisory ↗
Repository advisory
—
Source code
Not specified
Published (advisory)
2021-03-24 17:42:02 UTC
Updated
2023-02-01 05:05:20 UTC
GitHub reviewed
2021-03-24 17:41:15 UTC
NVD published
2021-03-16
EPSS Score
Score
Percentile
0.24%
47.18%
CVSS Scores
No CVSS scores in this advisory.
CWEs
CWE id
Name
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected packages (9)
Vulnerable version ranges and first patched releases as published by GitHub.
Ecosystem
Package
Vulnerable range
First patched
Vulnerable functions
composer
symbiote/silverstripe-queuedjobs
>= 3.0.0, < 3.0.2
3.0.2
—
composer
symbiote/silverstripe-queuedjobs
>= 3.1.0, < 3.1.4
3.1.4
—
composer
symbiote/silverstripe-queuedjobs
>= 4.0.0, < 4.0.7
4.0.7
—
composer
symbiote/silverstripe-queuedjobs
>= 4.1.0, < 4.1.2
4.1.2
—
composer
symbiote/silverstripe-queuedjobs
>= 4.2.0, < 4.2.4
4.2.4
—
composer
symbiote/silverstripe-queuedjobs
>= 4.3.0, < 4.3.3
4.3.3
—
composer
symbiote/silverstripe-queuedjobs
>= 4.4.0, < 4.4.3
4.4.3
—
composer
symbiote/silverstripe-queuedjobs
>= 4.5.0, < 4.5.1
4.5.1
—
composer
symbiote/silverstripe-queuedjobs
>= 4.6.0, < 4.6.4
4.6.4
—
cvelogic
Threat Intelligence