Moderate severityNVD Advisory· Published Jun 24, 2015· Updated May 6, 2026

CVE-2015-5062

Description

Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
silverstripe/cmsPackagist	<= 3.1.13	—
silverstripe/frameworkPackagist	<= 3.1.13	—

Affected products

Silverstripe/Silverstripe
cpe:2.3:a:silverstripe:silverstripe:3.1.13:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.htmlnvdExploitWEB
github.com/advisories/GHSA-fh35-p8ph-p545ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2015-5062ghsaADVISORY
hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txtnvdWEB
web.archive.org/web/20200228091958/http://www.securityfocus.com/bid/75419ghsaWEB
web.archive.org/web/20201209000421/http://www.securityfocus.com/archive/1/535716/100/0/threadedghsaWEB
www.securityfocus.com/archive/1/535716/100/0/threadednvd
www.securityfocus.com/bid/75419nvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000