{"id":"CVE-2017-5197","details":"There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element.","aliases":["GHSA-xmjh-wjc5-wg4h"],"modified":"2026-05-18T05:49:38.411486155Z","published":"2017-03-06T06:59:00.223Z","database_specific":{},"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/96572"},{"type":"ADVISORY","url":"https://www.silverstripe.org/download/security-releases/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/silverstripe/silverstripe-cms","events":[{"introduced":"0"},{"last_affected":"9db49bfd62bb8d9a4f395b4548f6f8c36875553b"},{"last_affected":"de19c643fb713d0a979c115e229baea3ba1d9a83"},{"last_affected":"36287b09d009010172e988a3496be75c97c05fd0"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"3.4.3"},{"last_affected":"3.5.0"},{"last_affected":"3.5.1"}],"source":"CPE_FIELD","cpe":["cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","cpe:2.3:a:silverstripe:silverstripe:3.5.0:*:*:*:*:*:*:*","cpe:2.3:a:silverstripe:silverstripe:3.5.1:*:*:*:*:*:*:*"]}}],"versions":["3.5.1-rc2","3.5.1-rc1","3.5.1","3.4.3-rc1","3.4.3","3.5.0-rc2","3.5.0-rc1","3.5.0","3.5.0-rc3","3.0.0-rc1","3.0.0-beta3","3.0.0-beta2","3.0.0-beta1","3.0.0-alpha2","3.0.0-alpha1","HamishsTesta2","3.0.0-pr1","2.3.0-rc1","2.2.2-rc1","2.2.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5197.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/silverstripe/silverstripe-framework","events":[{"introduced":"0"},{"last_affected":"28d065c587601597473cb1ce247f60a38fe75f72"},{"last_affected":"179996b5f9ccbaab8882cafbf16c389623521b72"},{"last_affected":"9de539fdababce5cd506e1f02661071adeda7a6a"}],"database_specific":{"cpe":["cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","cpe:2.3:a:silverstripe:silverstripe:3.5.0:*:*:*:*:*:*:*","cpe:2.3:a:silverstripe:silverstripe:3.5.1:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"3.4.3"},{"last_affected":"3.5.0"},{"last_affected":"3.5.1"}]}}],"versions":["3.5.0","3.5.1","3.4.3","3.5.1-rc2","3.4.3-rc1","3.5.1-rc1","3.5.0-rc3","3.5.0-rc2","3.5.0-rc1","3.4.0-rc1","3.0.0-rc1","3.0.0-beta3","3.0.0-beta2","3.0.0-beta1","3.0.0-alpha2","3.0.0-alpha1","2.2.2-rc1","2.3.0-rc1","2.2.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5197.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}