Description
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via a crafted string to the (1) AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) URL method in a template. These are different vectors than CVE-2012-0976.
Remediation
References
Related Vulnerabilities
MySQL CVE-2014-6491 Vulnerability (CVE-2014-6491)
ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9407)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4421)
Drupal Core 9.2.x Directory Traversal (9.2.0 - 9.2.1)
WordPress Plugin MM Duplicate 'index.php' SQL Injection (1.2)