Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via the AbsoluteLinks, BigSummary, ContextSummary, EscapeXML, FirstParagraph, FirstSentence, Initial, LimitCharacters, LimitSentences, LimitWordCount, LimitWordCountXML, Lower, LowerCase, NoHTML, Summary, Upper, UpperCase, or URL method in a template, different vectors than CVE-2012-0976.
doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13
doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7
www.openwall.com/lists/oss-security/2012/04/30/1
www.openwall.com/lists/oss-security/2012/04/30/3
github.com/silverstripe/sapphire/commit/0085876
github.com/silverstripe/silverstripe-framework
github.com/silverstripe/silverstripe-framework/commit/0085876495f0f8dda5dc58cb24a8f2220e7baf1e
github.com/silverstripe/silverstripe-framework/commit/15e9e059e5948ccf8f5a36dfcb435ad26ecec334
nvd.nist.gov/vuln/detail/CVE-2012-4968