Back to search
CVE-2010-1593
Published: Apr 28, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka the search script).
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.silverstripe.org/security-releases/
x_refsource_CONFIRM
61921
vdb-entry
x_refsource_OSVDB
38347
third-party-advisory
x_refsource_SECUNIA
61923
vdb-entry
x_refsource_OSVDB
20100122 Silverstripe <= v2.3.4: two XSS vulnerabilities
mailing-list
x_refsource_BUGTRAQ
http://open.silverstripe.org/wiki/ChangeLog/2.3.5
x_refsource_CONFIRM
silverstripe-comment-xss(55838)
vdb-entry
x_refsource_XF
37923
vdb-entry
x_refsource_BID
20100122 Silverstripe <= v2.3.4: two XSS vulnerabilities
mailing-list
x_refsource_FULLDISC
silverstripe-search-xss(55839)
vdb-entry
x_refsource_XF
http://open.silverstripe.org/changeset/97074
x_refsource_CONFIRM
38290
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now