Vulnerabilities

CVE-2015-8606

by Fred · 13/04/2016

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm.

Date published : 2016-04-13

http://www.silverstripe.org/download/security-releases/ss-2015-026

http://seclists.org/fulldisclosure/2015/Dec/55

Similar

Tags: Cybersecurity Alert