CVE-2015-8606
N/A
N/A
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.openwall.com/lists/oss-security/2015/12/17/1
- http://www.openwall.com/lists/oss-security/2015/12/17/11
- http://www.openwall.com/lists/oss-security/2015/12/18/5
- http://www.silverstripe.org/download/security-releases/ss-2015-026
- http://seclists.org/fulldisclosure/2015/Dec/55
- https://cybersecurityworks.com/zerodays/cve-2015-8606-silverstripe.html
References
- http://www.openwall.com/lists/oss-security/2015/12/17/1
- http://www.openwall.com/lists/oss-security/2015/12/17/11
- http://www.openwall.com/lists/oss-security/2015/12/18/5
- http://www.silverstripe.org/download/security-releases/ss-2015-026
- http://seclists.org/fulldisclosure/2015/Dec/55
- https://cybersecurityworks.com/zerodays/cve-2015-8606-silverstripe.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.