CVE-2012-4968 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks (2) BigSummary (3) ContextSummary (4) EscapeXML (5) FirstParagraph (6) FirstSentence (7) Initial (8) LimitCharacters (9) LimitSentences (10) LimitWordCount (11) LimitWordCountXML (12) Lower (13) LowerCase (14) NoHTML (15) Summary (16) Upper (17) UpperCase or (18) URL method in a template different vectors than CVE-2012-0976.

Reference

http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13 http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7 http://www.openwall.com/lists/oss-security/2012/04/30/1 http://www.openwall.com/lists/oss-security/2012/04/30/3 https://github.com/silverstripe/sapphire/commit/0085876