Steve Boyd

4 exploits Active since Jun 2022
CVE-2024-47605 WRITEUP MEDIUM WRITEUP
Silverstripe asset-admin < 5.3.8 - oEmbed Cross-Site Scripting
silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 5.4
CVE-2022-29858 WRITEUP MEDIUM WRITEUP
silverstripe/assets < 1.10.1 - Improper Access Control via Image Short Code Manipulation
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
CVSS 4.3
CVE-2025-25197 WRITEUP MEDIUM WRITEUP
Silverstripe Elemental <5.3.12 - XSS
Silverstripe Elemental extends a page type to swap the content area for a list of manageable elements to compose a page out of rather than a single text field. An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability is specific to that report and is a result of failure to cast input prior to including it in the grid field. This vulnerability is fixed in 5.3.12.
CVSS 5.4
CVE-2025-30148 WRITEUP MEDIUM WRITEUP
Silverstripe Framework <5.3.23 - XSS
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitized on the client-side, but server-side sanitization doesn't catch it. The server-side sanitization logic has been updated to sanitize against this attack. This vulnerability is fixed in 5.3.23.
CVSS 5.4