
GHSA-5f5v-5c3v-gw5v: Silverstripe IE requests not properly behaving with rewritehashlinks

CVSS Score: 6.1 (CVSS 3.1)

Basic Information

CVE ID: -
EPSS Score: -
Published: 5/23/2024
Updated: 5/23/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
silverstripe/framework | composer | <= 3.0.12 | 3.0.13
silverstripe/framework | composer | >= 3.1.0, <= 3.1.11 | 3.1.12

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from using strip_tags() instead of proper encoding when handling $_SERVER['REQUEST_URI'] in URL rewriting logic. The patch replaces strip_tags() with Convert::raw2att() in both SSViewer::process() and SSTemplateParser's template processing functions. These locations directly output user-controlled URL data without adequate HTML entity encoding, making them the root cause of reflected XSS when Internet Explorer sends unencoded payloads.
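
A minimal illustration of the root cause above, added here and not taken from SilverStripe's code or from the advisory. `rewrite_hashlinks()`, `encode_attr()` and `anchor_attributes()` are hypothetical helpers, `htmlspecialchars()` with `ENT_QUOTES` is an assumed stand-in for `Convert::raw2att()`, and the request URI is a constructed sample containing a raw double quote.

```php
<?php
// Added illustration, not SilverStripe code. rewrite_hashlinks() is a hypothetical
// simplification of prefixing in-page "#anchor" links with the current request URI.
function rewrite_hashlinks(string $html, string $requestUri, callable $sanitize): string
{
    $prefix = $sanitize($requestUri);
    // A callback is used so that "$1" or "\1" inside the URI is never treated
    // as a backreference by the regex engine.
    return preg_replace_callback(
        '/(<a\b[^>]*\bhref\s*=\s*)"#/i',
        function (array $m) use ($prefix): string {
            return $m[1] . '"' . $prefix . '#';
        },
        $html
    );
}

// Assumed stand-in for Convert::raw2att(): entity-encode for an attribute context.
function encode_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// List the attribute names an HTML parser sees on the first <a> element.
function anchor_attributes(string $html): array
{
    $doc = new DOMDocument();
    @$doc->loadHTML($html);
    $names = [];
    foreach ($doc->getElementsByTagName('a')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Constructed sample: a URI whose double quote arrives unencoded, which is the
// condition the advisory describes for Internet Explorer requests.
$uri = '/page?x=" data-injected="1';
$template = '<a href="#section">Jump</a>';

// strip_tags() removes markup but leaves quotes, so the href value ends early.
$weak = rewrite_hashlinks($template, $uri, 'strip_tags');
// Entity encoding keeps the whole URI inside the href attribute.
$fixed = rewrite_hashlinks($template, $uri, 'encode_attr');

foreach (['strip_tags' => $weak, 'encoded' => $fixed] as $label => $html) {
    echo $label, ': ', $html, "\n  attributes: ", implode(', ', anchor_attributes($html)), "\n";
}
```

Comparing the attribute lists for the two outputs gives a quick regression check: any attribute other than `href` on the rewritten anchor means the URI was not encoded for the attribute context.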


Non IE browsers don’t appear to be affected, but I haven’t tested a wide range of browsers to be sure. Requests that come through from IE do NOT appear to encode all entities in the URL string, meaning they are inserted into output content directly
