NotCVE - vendor:"Silverstripe" product:"Silverstripe" version:"2.4.6"

Page 3 of 23 results (0.003 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-8606

https://notcve.org/view.php?id=CVE-2015-8606

13 Apr 2016 — Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm. Múltiples vulnerabilidades de XSS en SilverStripe CMS & Framework en versiones anteriores a 3.1.16 y 3.2.x en versiones anteriores a 3.2.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a... • http://seclists.org/fulldisclosure/2015/Dec/55 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 1

CVE-2012-4968

https://notcve.org/view.php?id=CVE-2012-4968

17 Sep 2012 — Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) URL method i... • http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2012-0976

https://notcve.org/view.php?id=CVE-2012-0976

02 Feb 2012 — Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en admin/EditForm in SilverStripe v2.4.6 permite a usuarios remotos autenticados con privilegios de los autores de contenido para inyectar secuencias d... • http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3