PT-2012-2982 · Silverstripe · Silverstripe

Chillu · Published 2012-02-02 · Updated 2017-08-29 · CVE-2012-0976

CVSS v2.0: 2.1 (Low)

Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SilverStripe version 2.4.6

Description

A cross-site scripting (XSS) issue exists, allowing remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter in the admin/EditForm section.

Recommendations

For SilverStripe version 2.4.6, consider restricting access to the admin/EditForm section to prevent exploitation until a fix is available. As a temporary workaround, avoid using the Title parameter in the affected section until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2012-0976

Affected Products

Silverstripe