CVE-2015-8606

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
cpe:2.3:a:silverstripe:silverstripe:3.2.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-04-13 15:59

Updated : 2024-02-04 18:53


NVD link : CVE-2015-8606

Mitre link : CVE-2015-8606

CVE.ORG link : CVE-2015-8606


JSON object : View

Products Affected

silverstripe

  • silverstripe
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')