cvedb.io
CVE-2025-30148
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2025-04-10T13:15:51.930 · Last modified 2026-06-17T09:08:15.053

Summary

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, a bad actor with access to edit content in the CMS could send a specially crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitized on the client side, but server-side sanitization did not catch it. The server-side sanitization logic has been updated to sanitize against this attack. This vulnerability is fixed in 5.3.23.

Affected products

silverstripe — framework

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.