Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x prior to 2.3.10 and 2.4.x prior to 2.4.4, when custom error handling is not used, allows remote malicious users to inject arbitrary web script or HTML via "missing URL actions."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
silverstripe silverstripe 2.3.0 |
||
silverstripe silverstripe 2.3.1 |
||
silverstripe silverstripe 2.3.9 |
||
silverstripe silverstripe 2.3.4 |
||
silverstripe silverstripe 2.3.5 |
||
silverstripe silverstripe 2.3.6 |
||
silverstripe silverstripe 2.3.7 |
||
silverstripe silverstripe 2.3.8 |
||
silverstripe silverstripe 2.3.2 |
||
silverstripe silverstripe 2.3.3 |
||
silverstripe silverstripe 2.4.2 |
||
silverstripe silverstripe 2.4.3 |
||
silverstripe silverstripe 2.4.0 |
||
silverstripe silverstripe 2.4.1 |