Medium severity 6.1 · NVD Advisory · Published Mar 6, 2017 · Updated Jun 17, 2026
CVE-2017-5197
Description
There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| silverstripe/cms (Packagist) | < 3.4.4 | 3.4.4 |
| silverstripe/cms (Packagist) | >= 3.5.0, < 3.5.2 | 3.5.2 |
Affected products
- cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:* (range: <=3.4.3)
- cpe:2.3:a:silverstripe:silverstripe:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:3.5.1:*:*:*:*:*:*:*
References
- www.securityfocus.com/bid/96572 (NVD: Third Party Advisory, VDB Entry)
- github.com/advisories/GHSA-xmjh-wjc5-wg4h (GHSA: Advisory)
- nvd.nist.gov/vuln/detail/CVE-2017-5197 (GHSA: Advisory)
- www.silverstripe.org/download/security-releases/ (NVD: Vendor Advisory)
- web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572 (GHSA: Web)
- www.silverstripe.org/download/security-releases (GHSA: Web)