CVE-2010-4823 Information
Description
Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 when custom error handling is not used allows remote attackers to inject arbitrary web script or HTML via \missing URL actions.\
Reference
http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4 http://open.silverstripe.org/changeset/114444 http://secunia.com/advisories/42346 http://www.openwall.com/lists/oss-security/2011/01/03/12 http://www.openwall.com/lists/oss-security/2012/04/30/1 http://www.openwall.com/lists/oss-security/2012/04/30/3 http://www.openwall.com/lists/oss-security/2012/05/01/3 http://www.osvdb.org/69886 http://www.securityfocus.com/bid/45367 https://exchange.xforce.ibmcloud.com/vulnerabilities/63988
Share on: