Description

SilverStripe through 4.3.3 allows session fixation in the "change password" form.

Remediation

References

CVE-2019-12203

Related Vulnerabilities

WordPress Plugin WP Statistics Multiple Cross-Site Scripting Vulnerabilities (2.2.4)

PHP4 IMAP module buffer overflow vulnerability

WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (7.9.0)

ClipBucket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-4848)

WordPress Plugin Hustle-Pop-Ups, Slide-ins and Email Opt-ins Cross-Site Scripting (4.7.0.5)

Severity

Medium

Classification

CVE-2019-12203 CWE-384 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities