A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| symbiote/silverstripe-queuedjobs(Packagist) | 3.0.0 | 3.0.2 | N/A |
| symbiote/silverstripe-queuedjobs(Packagist) | 3.1.0 | 3.1.4 | N/A |
| symbiote/silverstripe-queuedjobs(Packagist) | 4.0.0 | 4.0.7 | N/A |
| symbiote/silverstripe-queuedjobs(Packagist) | 4.1.0 | 4.1.2 | N/A |
| symbiote/silverstripe-queuedjobs(Packagist) | 4.2.0 | 4.2.4 | N/A |
| symbiote/silverstripe-queuedjobs(Packagist) | 4.3.0 | 4.3.3 | N/A |
| symbiote/silverstripe-queuedjobs(Packagist) | 4.4.0 | 4.4.3 | N/A |
| symbiote/silverstripe-queuedjobs(Packagist) | 4.5.0 | 4.5.1 | N/A |
| symbiote/silverstripe-queuedjobs(Packagist) | 4.6.0 | 4.6.4 | N/A |
CVSS Metrics
