CVE-2012-6458

Multiple cross-site scripting (XSS) vulnerabilities affect the SilverStripe e-commerce module 3.0 for SilverStripe CMS, allowing remote attackers to inject arbitrary web script or HTML via parameters in code/forms/OrderFormAddress.php (FirstName, Surname, Email) or code/forms/ShopAccountForm.php ...