| Max CVSS | 5.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2010-1593 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe
|
10-10-2018 - 19:57 | 28-04-2010 - 23:30 | |
| CVE-2010-5095 | 4.3 |
Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before 2.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to DataObjectSet pagination.
|
29-08-2017 - 01:29 | 26-08-2012 - 18:55 | |
| CVE-2010-5093 | 5.0 |
Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user.
|
27-08-2012 - 21:19 | 26-08-2012 - 18:55 | |
| CVE-2010-5094 | 5.0 |
The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt mod_rewrite-less URL routing."
|
27-08-2012 - 04:00 | 26-08-2012 - 18:55 |