QwikSec

Security Database

CVE

CWE

Training

CVE-2015-8606

Published: Apr 13, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20151217 Cross site scripting vulnerability (XSS) in SilverStripe CMS & Framework v3.2.0

mailing-list

x_refsource_MLIST

[oss-security] 20151217 Re: Cross site scripting vulnerability (XSS) in SilverStripe CMS & Framework v3.2.0

mailing-list

x_refsource_MLIST

[oss-security] 20151218 [FD] [CVE-2015-8606] SilverStripe CMS & Framework v3.2.0 - Cross-Site Scripting Vulnerability

mailing-list

x_refsource_MLIST

http://www.silverstripe.org/download/security-releases/ss-2015-026

x_refsource_CONFIRM

20151213 SilverStripe CMS & Framework v3.2.0 - Cross-Site Scripting Vulnerability

mailing-list

x_refsource_FULLDISC

https://cybersecurityworks.com/zerodays/cve-2015-8606-silverstripe.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.