The vulnerability description explicitly identifies HtmlEditorField_Toolbar#viewfile as the entry point that handles the unsanitized FileURL parameter. Silverstripe's MVC pattern indicates that this would be implemented as a controller action method. The lack of server-side sanitization before the value is passed to oembed creates the vulnerability, even though current oembed validation might mitigate some risks. The function name and class structure align with Silverstripe's typical implementation patterns for CMS controller actions.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| silverstripe/framework | composer | >= 3.0.0, < 3.2.1 | 3.2.1 |