CVE-2012-6458

by Fred · 09/08/2013

Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php; or the (4) FirstName or (5) Surname parameter to code/forms/ShopAccountForm.php.

Date published : 2013-08-09

http://archives.neohapsis.com/archives/bugtraq/2013-07/0090.html

https://code.google.com/p/silverstripe-ecommerce/source/detail?r=3739

CVE-2012-6458

Similar

Recent Posts

Categories

CVE-2012-6458

Share this:

Similar

Recent Posts

Categories

Tags