CVE-2012-6458 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName (2) Surname or (3) Email parameter to code/forms/OrderFormAddress.php; or the (4) FirstName or (5) Surname parameter to code/forms/ShopAccountForm.php.

Reference

http://archives.neohapsis.com/archives/bugtraq/2013-07/0090.html https://code.google.com/p/silverstripe-ecommerce/source/detail?r=3739