Description

Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2012-0976

Related Vulnerabilities

Oracle HTTP Server Out-of-bounds Write Vulnerability (CVE-2019-5482)

XOOPS CVE-2009-3963 Vulnerability (CVE-2009-3963)

Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2019-16891)

WordPress Anti-CSRF Token Security Bypass Weakness (3.3.1)

PHP Other Vulnerability (CVE-2015-8866)

Severity

Low

Classification

CVE-2012-0976 CWE-707

Tags

Missing Update Known Vulnerabilities