CVE-2012-4968 — Cross-site Scripting in Framework

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.3MEDIUMNVD

GHSA2.1OSV2.1

EPSS

0.3%

top 47.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Silverstripe Framework Silverstripe

Timeline

PublishedSep 17

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) …

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶Packagistsilverstripe/framework2.3 — 2.3.13+1

▶NVDsilverstripe/silverstripe19 versions+18

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Silverstripe XSS Vulnerabilities↗2022-05-17

▶

OSV

Silverstripe XSS Vulnerabilities↗2022-05-17

▶