Description

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php.

Remediation

References

CVE-2015-5063

Related Vulnerabilities

WordPress Plugin Contact Bank-Contact Form Builder for WordPress Unspecified Vulnerability (2.1.26)

WordPress Plugin WordPress Comments Import & Export Cross-Site Request Forgery (2.1.10)

Oracle Application Server Other Vulnerability (CVE-2002-1631)

WordPress Plugin W3 Total Cache Backdoor (0.9.2.2)

MySQL CVE-2014-2451 Vulnerability (CVE-2014-2451)

Severity

Medium

Classification

CVE-2015-5063 CWE-707

Tags

Missing Update Known Vulnerabilities