CVE-2012-4968
EPSS 0.29%Silverstripe XSS Vulnerabilities
Published: 5/17/2022Modified: 1/12/2024
Also known as:GHSA-v358-rvxr-wffx
Description
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via 1. a crafted string to the `AbsoluteLinks` 1. `BigSummary` 1. `ContextSummary` 1. `EscapeXML` 1. `FirstParagraph` 1. `FirstSentence` 1. `Initial` 1. `LimitCharacters` 1. `LimitSentences` 1. `LimitWordCount` 1. `LimitWordCountXML` 1. `Lower` 1. `LowerCase` 1. `NoHTML` 1. `Summary` 1. `Upper` 1. `UpperCase`, or 1. `URL` method in a template, different vectors than CVE-2012-0976.
Affected packages (1)
- Packagist/silverstripe/framework>= 2.3, < 2.3.13
References (9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-4968
- PATCHhttps://github.com/silverstripe/silverstripe-framework
- WEBhttp://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13
- WEBhttp://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7
- WEBhttps://github.com/silverstripe/sapphire/commit/0085876
- WEBhttps://github.com/silverstripe/silverstripe-framework/commit/0085876495f0f8dda5dc58cb24a8f2220e7baf1e
- WEBhttps://github.com/silverstripe/silverstripe-framework/commit/15e9e059e5948ccf8f5a36dfcb435ad26ecec334
- WEBhttp://www.openwall.com/lists/oss-security/2012/04/30/1
- WEBhttp://www.openwall.com/lists/oss-security/2012/04/30/3