CVE-2012-4968

EPSS 0.29%

Silverstripe XSS Vulnerabilities

發布日:2022/5/17修改日:2024/1/12

描述

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via 1. a crafted string to the `AbsoluteLinks` 1. `BigSummary` 1. `ContextSummary` 1. `EscapeXML` 1. `FirstParagraph` 1. `FirstSentence` 1. `Initial` 1. `LimitCharacters` 1. `LimitSentences` 1. `LimitWordCount` 1. `LimitWordCountXML` 1. `Lower` 1. `LowerCase` 1. `NoHTML` 1. `Summary` 1. `Upper` 1. `UpperCase`, or 1. `URL` method in a template, different vectors than CVE-2012-0976.

受影響套件(1)

Packagist/silverstripe/framework>= 2.3, < 2.3.13

參考連結(9)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-4968
PATCHhttps://github.com/silverstripe/silverstripe-framework
WEBhttp://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13
WEBhttp://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7
WEBhttps://github.com/silverstripe/sapphire/commit/0085876
WEBhttps://github.com/silverstripe/silverstripe-framework/commit/0085876495f0f8dda5dc58cb24a8f2220e7baf1e
WEBhttps://github.com/silverstripe/silverstripe-framework/commit/15e9e059e5948ccf8f5a36dfcb435ad26ecec334
WEBhttp://www.openwall.com/lists/oss-security/2012/04/30/1
WEBhttp://www.openwall.com/lists/oss-security/2012/04/30/3