Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe prior to 2.3.5 allow remote malicious users to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module prior to 0.2.5 in SilverStripe prior to 2.3.5 allow remote malicious users to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka the search script).
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
silverstripe silverstripe 2.3.1 |
||
silverstripe silverstripe 2.1.0 |
||
silverstripe silverstripe 2.3.3 |
||
silverstripe silverstripe 2.3.2 |
||
silverstripe silverstripe 2.1.1 |
||
silverstripe silverstripe 2.2.2 |
||
silverstripe silverstripe 2.3.0 |
||
silverstripe silverstripe 2.0.0 |
||
silverstripe silverstripe 2.2.1 |
||
silverstripe silverstripe 2.2.4 |
||
silverstripe silverstripe 2.0.1 |
||
silverstripe silverstripe |
||
silverstripe silverstripe 2.0.2 |
||
silverstripe silverstripe 2.2.0 |
Vulmon