VYPR
Medium severity6.1NVD Advisory· Published Mar 6, 2017· Updated Jun 17, 2026

CVE-2017-5197

CVE-2017-5197

Description

There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
silverstripe/cmsPackagist
< 3.4.43.4.4
silverstripe/cmsPackagist
>= 3.5.0, < 3.5.23.5.2

Affected products

4
  • cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*range: <=3.4.3
    • cpe:2.3:a:silverstripe:silverstripe:3.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:silverstripe:silverstripe:3.5.1:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 3.4.4

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.