Overview
CVE Id | CVE-2012-4968 |
Last Modified | 18 Sep 2012 12:00:00 |
Published | 17 Sep 2012 01:55:03 |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |

CVE-2012-4968
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) URL method in a template, different vectors than CVE-2012-0976.
Vulnerable Systems
Application
Silverstripe 2.3.0
Silverstripe 2.3.1
Silverstripe 2.3.10
Silverstripe 2.3.11
Silverstripe 2.3.12
Silverstripe 2.3.2
Silverstripe 2.3.3
Silverstripe 2.3.4
Silverstripe 2.3.5
Silverstripe 2.3.6
Silverstripe 2.3.7
Silverstripe 2.3.8
Silverstripe 2.3.9
Silverstripe 2.4.0
Silverstripe 2.4.1
Silverstripe 2.4.2
Silverstripe 2.4.3
Silverstripe 2.4.5
Silverstripe 2.4.6
References
CONFIRM - https://github.com/silverstripe/sapphire/commit/0085876
MLIST - [oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4
MLIST - [oss-security] 20120430 CVE-request: SilverStripe before 2.4.4
CONFIRM - http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7
CONFIRM - http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13
Last Updated: 27 May 2016 11:00:43