2 matches found
CVE-2010-1593
Multiple cross-site scripting XSS vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via 1 the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject...
CVE-2010-1593
SilverStripe is affected by multiple XSS vulnerabilities in versions before 2.3.5. The flaws allow remote attackers to inject arbitrary JavaScript/HTML via unsanitized user input in two vectors: (1) the CommenterURL parameter to PostCommentForm, and (2) the Search parameter in the Forums module (...