Lucene search

MitreCVE-2010-1593

HistoryApr 28, 2010 - 11:30 p.m.

CVE-2010-1593

2010-04-2823:30:00

CWE-79

mitre

web.nvd.nist.gov

xss

silverstripe

web script

html

security vulnerability

cve-2010-1593

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.006

Percentile

78.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka the search script).

Affected configurations

Nvd

Node

silverstripesilverstripeRange≤2.3.4

silverstripesilverstripeMatch2.0.0

silverstripesilverstripeMatch2.0.1

silverstripesilverstripeMatch2.0.2

silverstripesilverstripeMatch2.1.0

silverstripesilverstripeMatch2.1.1

silverstripesilverstripeMatch2.2.0

silverstripesilverstripeMatch2.2.1

silverstripesilverstripeMatch2.2.2

silverstripesilverstripeMatch2.2.4

silverstripesilverstripeMatch2.3.0

silverstripesilverstripeMatch2.3.0rc1

silverstripesilverstripeMatch2.3.0rc2

silverstripesilverstripeMatch2.3.0rc3

silverstripesilverstripeMatch2.3.1

silverstripesilverstripeMatch2.3.1rc1

silverstripesilverstripeMatch2.3.1rc2

silverstripesilverstripeMatch2.3.2

silverstripesilverstripeMatch2.3.3

VendorProductVersionCPE
silverstripesilverstripe*cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
silverstripesilverstripe2.0.0cpe:2.3:a:silverstripe:silverstripe:2.0.0:*:*:*:*:*:*:*
silverstripesilverstripe2.0.1cpe:2.3:a:silverstripe:silverstripe:2.0.1:*:*:*:*:*:*:*
silverstripesilverstripe2.0.2cpe:2.3:a:silverstripe:silverstripe:2.0.2:*:*:*:*:*:*:*
silverstripesilverstripe2.1.0cpe:2.3:a:silverstripe:silverstripe:2.1.0:*:*:*:*:*:*:*
silverstripesilverstripe2.1.1cpe:2.3:a:silverstripe:silverstripe:2.1.1:*:*:*:*:*:*:*
silverstripesilverstripe2.2.0cpe:2.3:a:silverstripe:silverstripe:2.2.0:*:*:*:*:*:*:*
silverstripesilverstripe2.2.1cpe:2.3:a:silverstripe:silverstripe:2.2.1:*:*:*:*:*:*:*
silverstripesilverstripe2.2.2cpe:2.3:a:silverstripe:silverstripe:2.2.2:*:*:*:*:*:*:*
silverstripesilverstripe2.2.4cpe:2.3:a:silverstripe:silverstripe:2.2.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
silverstripe	silverstripe	*	cpe:2.3:a:silverstripe:silverstripe::::::::
silverstripe	silverstripe	2.0.0	cpe:2.3:a:silverstripe:silverstripe:2.0.0:::::::*
silverstripe	silverstripe	2.0.1	cpe:2.3:a:silverstripe:silverstripe:2.0.1:::::::*
silverstripe	silverstripe	2.0.2	cpe:2.3:a:silverstripe:silverstripe:2.0.2:::::::*
silverstripe	silverstripe	2.1.0	cpe:2.3:a:silverstripe:silverstripe:2.1.0:::::::*
silverstripe	silverstripe	2.1.1	cpe:2.3:a:silverstripe:silverstripe:2.1.1:::::::*
silverstripe	silverstripe	2.2.0	cpe:2.3:a:silverstripe:silverstripe:2.2.0:::::::*
silverstripe	silverstripe	2.2.1	cpe:2.3:a:silverstripe:silverstripe:2.2.1:::::::*
silverstripe	silverstripe	2.2.2	cpe:2.3:a:silverstripe:silverstripe:2.2.2:::::::*
silverstripe	silverstripe	2.2.4	cpe:2.3:a:silverstripe:silverstripe:2.2.4:::::::*

Rows per page:

1-10 of 191

References

archives.neohapsis.com/archives/fulldisclosure/2010-01/0450.html

groups.google.com/group/silverstripe-announce/browse_thread/thread/f51749342eee9456

open.silverstripe.org/changeset/97074

open.silverstripe.org/wiki/ChangeLog/2.3.5

osvdb.org/61921

osvdb.org/61923

secunia.com/advisories/38290

secunia.com/advisories/38347

www.securityfocus.com/archive/1/509139/100/0/threaded

www.securityfocus.com/bid/37923

www.silverstripe.org/security-releases/

exchange.xforce.ibmcloud.com/vulnerabilities/55838

exchange.xforce.ibmcloud.com/vulnerabilities/55839

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.006

Percentile

78.2%

JSON

Related for CVE-2010-1593