Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x prior to 2.3.13 and 2.4.x prior to 2.4.7 allow remote malicious users to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) URL method in a template, different vectors than CVE-2012-0976.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
silverstripe silverstripe 2.3.9 |
||
silverstripe silverstripe 2.3.10 |
||
silverstripe silverstripe 2.3.11 |
||
silverstripe silverstripe 2.3.12 |
||
silverstripe silverstripe 2.3.1 |
||
silverstripe silverstripe 2.3.2 |
||
silverstripe silverstripe 2.3.3 |
||
silverstripe silverstripe 2.3.4 |
||
silverstripe silverstripe 2.3.0 |
||
silverstripe silverstripe 2.3.5 |
||
silverstripe silverstripe 2.3.7 |
||
silverstripe silverstripe 2.3.6 |
||
silverstripe silverstripe 2.3.8 |
||
silverstripe silverstripe 2.4.3 |
||
silverstripe silverstripe 2.4.5 |
||
silverstripe silverstripe 2.4.6 |
||
silverstripe silverstripe 2.4.0 |
||
silverstripe silverstripe 2.4.2 |
||
silverstripe silverstripe 2.4.1 |
Vulmon