GHSA-v358-rvxr-wffx

Suggest an improvement
Source
https://github.com/advisories/GHSA-v358-rvxr-wffx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v358-rvxr-wffx/GHSA-v358-rvxr-wffx.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-v358-rvxr-wffx
Aliases
  • CVE-2012-4968
Published
2022-05-17T05:22:19Z
Modified
2024-01-12T20:42:12.438801Z
Summary
Silverstripe XSS Vulnerabilities
Details

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via 1. a crafted string to the AbsoluteLinks 1. BigSummary 1. ContextSummary 1. EscapeXML 1. FirstParagraph 1. FirstSentence 1. Initial 1. LimitCharacters 1. LimitSentences 1. LimitWordCount 1. LimitWordCountXML 1. Lower 1. LowerCase 1. NoHTML 1. Summary 1. Upper 1. UpperCase, or 1. URL method in a template,

different vectors than CVE-2012-0976.

Database specific
{
    "nvd_published_at": "2012-09-17T17:55:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-12T20:16:37Z"
}
References

Affected packages

Packagist / silverstripe/framework

Package

Name
silverstripe/framework
Purl
pkg:composer/silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.3
Fixed
2.3.13

Packagist / silverstripe/framework

Package

Name
silverstripe/framework
Purl
pkg:composer/silverstripe/framework

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.4
Fixed
2.4.7