Lucene search

RedhatCVE-2011-4958

HistoryApr 08, 2014 - 2:22 p.m.

CVE-2011-4958

2014-04-0814:22:07

CWE-79

redhat

web.nvd.nist.gov

cve-2011-4958

cross-site scripting

xss vulnerability

ssviewer.php

silverstripe

security vulnerability

remote code injection

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.007

Percentile

79.6%

JSON

Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/.

Affected configurations

Nvd

Node

silverstripesilverstripeRange≤2.3.12

silverstripesilverstripeMatch2.3.0

silverstripesilverstripeMatch2.3.0rc1

silverstripesilverstripeMatch2.3.0rc2

silverstripesilverstripeMatch2.3.0rc3

silverstripesilverstripeMatch2.3.1

silverstripesilverstripeMatch2.3.1rc1

silverstripesilverstripeMatch2.3.1rc2

silverstripesilverstripeMatch2.3.2

silverstripesilverstripeMatch2.3.3

silverstripesilverstripeMatch2.3.4

silverstripesilverstripeMatch2.3.5

silverstripesilverstripeMatch2.3.6

silverstripesilverstripeMatch2.3.7

silverstripesilverstripeMatch2.3.8

silverstripesilverstripeMatch2.3.9

silverstripesilverstripeMatch2.3.10

silverstripesilverstripeMatch2.3.11

silverstripesilverstripeMatch2.4.0

silverstripesilverstripeMatch2.4.1

silverstripesilverstripeMatch2.4.2

silverstripesilverstripeMatch2.4.3

silverstripesilverstripeMatch2.4.4

silverstripesilverstripeMatch2.4.5

VendorProductVersionCPE
silverstripesilverstripe*cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
silverstripesilverstripe2.3.0cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*
silverstripesilverstripe2.3.0cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*
silverstripesilverstripe2.3.0cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*
silverstripesilverstripe2.3.0cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*
silverstripesilverstripe2.3.1cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*
silverstripesilverstripe2.3.1cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*
silverstripesilverstripe2.3.1cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*
silverstripesilverstripe2.3.2cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*
silverstripesilverstripe2.3.3cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
silverstripe	silverstripe	*	cpe:2.3:a:silverstripe:silverstripe::::::::
silverstripe	silverstripe	2.3.0	cpe:2.3:a:silverstripe:silverstripe:2.3.0:::::::*
silverstripe	silverstripe	2.3.0	cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1::::::
silverstripe	silverstripe	2.3.0	cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2::::::
silverstripe	silverstripe	2.3.0	cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3::::::
silverstripe	silverstripe	2.3.1	cpe:2.3:a:silverstripe:silverstripe:2.3.1:::::::*
silverstripe	silverstripe	2.3.1	cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1::::::
silverstripe	silverstripe	2.3.1	cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2::::::
silverstripe	silverstripe	2.3.2	cpe:2.3:a:silverstripe:silverstripe:2.3.2:::::::*
silverstripe	silverstripe	2.3.3	cpe:2.3:a:silverstripe:silverstripe:2.3.3:::::::*

Rows per page:

1-10 of 241

References

doc.silverstripe.org/sapphire/en/trunk/changelogs/2.3.12

doc.silverstripe.org/sapphire/en/trunk/changelogs/2.4.6

osvdb.org/76258

secunia.com/advisories/46390

www.rul3z.de/advisories/SSCHADV2011-024.txt

www.securityfocus.com/archive/1/520050/100/0/threaded

github.com/silverstripe/sapphire/commit/16c3235

github.com/silverstripe/sapphire/commit/52a895f

github.com/silverstripe/sapphire/commit/bdd6391

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.007

Percentile

79.6%

JSON

Related for CVE-2011-4958