NVD

Id
16058  
Name
CVE-2010-4823  
Description
Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via "missing URL actions."  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-18  
Published
2012-09-17  
Modified Date
2012-09-18  
Seq
2010-4823  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
90788 16058 CVE-2010-4823 http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4  View
90789 16058 CVE-2010-4823 http://open.silverstripe.org/changeset/114444  View
90790 16058 CVE-2010-4823 [oss-security] 20110104 CVE request: silverstripe before 2.4.4  View
90791 16058 CVE-2010-4823 [oss-security] 20120430 CVE-request: SilverStripe before 2.4.4  View
90792 16058 CVE-2010-4823 [oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4  View
90793 16058 CVE-2010-4823 [oss-security] 20120501 Re: CVE-request: SilverStripe before 2.4.4  View
90794 16058 CVE-2010-4823 45367  View
90795 16058 CVE-2010-4823 silverstripe-requesthandler-xss(63988)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
38518 JVNDB-2010-004303 SilverStripe におけるクロスサイトスクリプティングの脆弱性 SilverStripe の sapphire/core/control/RequestHandler.php の httpError メソッドには、カスタムエラー処理が使用されていない際に、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2010-4823 47403 CVE-2010-4823 16058 4.3 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-004303.html 2010-12-21 2012-09-20 View