CVE-2024-53277

Severity: MEDIUM | CVSS 5.4/10 | EPSS 0.30%

CVE-2024-53277 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup, and user-provided content included in those messages is not always sanitised, resulting in a cross-site scripting (XSS) vulnerability. EPSS estimates a 0.30% chance of exploitation in the next 30 days.

Description

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability.

Metrics

CVSS 3.1
5.4/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Probability
0.30%

22.2nd percentile

Probability of exploitation in the next 30 days.

Affected Software

Vendor        Product      Versions
Silverstripe  Framework    < 5.3.8

Timeline

Status: Analyzed

Frequently Asked Questions

What is CVE-2024-53277?
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability.
How severe is CVE-2024-53277?
CVE-2024-53277 has a CVSS score of 5.4/10 (MEDIUM severity). The EPSS model estimates a 0.30% probability of exploitation in the next 30 days.
How do I fix CVE-2024-53277?
Upgrade silverstripe/framework to version 5.3.8 or later, which addresses the issue; no workarounds are known for this vulnerability. Check the vendor advisory for details, and you can also run a Strix scan to test whether your systems are affected.

Source: NVD / NIST