4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.4%
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via
AbsoluteLinks
BigSummary
ContextSummary
EscapeXML
FirstParagraph
FirstSentence
Initial
LimitCharacters
LimitSentences
LimitWordCount
LimitWordCountXML
Lower
LowerCase
NoHTML
Summary
Upper
UpperCase
, orURL
method in a template,different vectors than CVE-2012-0976.
CPE | Name | Operator | Version |
---|---|---|---|
silverstripe/framework | lt | 2.4.7 | |
silverstripe/framework | lt | 2.3.13 |
doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13
doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7
www.openwall.com/lists/oss-security/2012/04/30/1
www.openwall.com/lists/oss-security/2012/04/30/3
github.com/advisories/GHSA-v358-rvxr-wffx
github.com/silverstripe/sapphire/commit/0085876
github.com/silverstripe/silverstripe-framework/commit/0085876495f0f8dda5dc58cb24a8f2220e7baf1e
github.com/silverstripe/silverstripe-framework/commit/15e9e059e5948ccf8f5a36dfcb435ad26ecec334
nvd.nist.gov/vuln/detail/CVE-2012-4968