Lucene search

[email protected]CVE-2012-0976

HistoryFeb 02, 2012 - 5:55 p.m.

CVE-2012-0976

2012-02-0217:55:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-0976

cross-site scripting

xss vulnerability

silverstripe 2.4.6

admin/editform

nvd

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.2%

JSON

Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

silverstripesilverstripeMatch2.4.6

CPENameOperatorVersion
silverstripe:silverstripesilverstripeeq2.4.6

CPE	Name	Operator	Version
silverstripe:silverstripe	silverstripe	eq	2.4.6

References

doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13

doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7

osvdb.org/78677

packetstormsecurity.org/files/view/109210/silverstripecmspage-xss.txt

secunia.com/advisories/47812

www.openwall.com/lists/oss-security/2012/04/30/3

www.securityfocus.com/bid/51761

exchange.xforce.ibmcloud.com/vulnerabilities/72820

github.com/silverstripe/sapphire/commit/252e187

github.com/silverstripe/sapphire/commit/475e077

github.com/silverstripe/sapphire/commit/5fe7091

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.2%

JSON

Related for CVE-2012-0976

cvelist2 nvd2 prion2 osv1 cve1 github1