2 matches found
lack of validating transfer of tokens entered by the user
Lines of code Vulnerability details Impact As we have not defined the implementation of note, it should be validated that note.transfer(recipient, amount) returns true. This is important, since the transaction could not be carried out and the function executed as correct. In the comments of the cod...
CVE-2010-4823
Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via "missing URL actions."...