CVE-2015-8606 — Cross-site Scripting in CMS

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 38.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Silverstripe CMS Silverstripe

Timeline

PublishedApr 13

Latest updateMay 13

Description

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶Packagistsilverstripe/cms3.2.0 — 3.2.1+1

▶NVDsilverstripe/silverstripe3.1.15+1

🔴Vulnerability Details

OSV

Silverstripe CMS XSS Vulnerability↗2022-05-13

▶

GHSA

Silverstripe CMS XSS Vulnerability↗2022-05-13

▶