CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score
Confidence: High

EPSS
Percentile: 78.2%

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka the search script).
Vendor | Product | Version | CPE |
---|---|---|---|
silverstripe | silverstripe | * | cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:* |
silverstripe | silverstripe | 2.0.0 | cpe:2.3:a:silverstripe:silverstripe:2.0.0:*:*:*:*:*:*:* |
silverstripe | silverstripe | 2.0.1 | cpe:2.3:a:silverstripe:silverstripe:2.0.1:*:*:*:*:*:*:* |
silverstripe | silverstripe | 2.0.2 | cpe:2.3:a:silverstripe:silverstripe:2.0.2:*:*:*:*:*:*:* |
silverstripe | silverstripe | 2.1.0 | cpe:2.3:a:silverstripe:silverstripe:2.1.0:*:*:*:*:*:*:* |
silverstripe | silverstripe | 2.1.1 | cpe:2.3:a:silverstripe:silverstripe:2.1.1:*:*:*:*:*:*:* |
silverstripe | silverstripe | 2.2.0 | cpe:2.3:a:silverstripe:silverstripe:2.2.0:*:*:*:*:*:*:* |
silverstripe | silverstripe | 2.2.1 | cpe:2.3:a:silverstripe:silverstripe:2.2.1:*:*:*:*:*:*:* |
silverstripe | silverstripe | 2.2.2 | cpe:2.3:a:silverstripe:silverstripe:2.2.2:*:*:*:*:*:*:* |
silverstripe | silverstripe | 2.2.4 | cpe:2.3:a:silverstripe:silverstripe:2.2.4:*:*:*:*:*:*:* |
archives.neohapsis.com/archives/fulldisclosure/2010-01/0450.html
groups.google.com/group/silverstripe-announce/browse_thread/thread/f51749342eee9456
open.silverstripe.org/changeset/97074
open.silverstripe.org/wiki/ChangeLog/2.3.5
osvdb.org/61921
osvdb.org/61923
secunia.com/advisories/38290
secunia.com/advisories/38347
www.securityfocus.com/archive/1/509139/100/0/threaded
www.securityfocus.com/bid/37923
www.silverstripe.org/security-releases/
exchange.xforce.ibmcloud.com/vulnerabilities/55838
exchange.xforce.ibmcloud.com/vulnerabilities/55839