Vulnerability Description
Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via "missing URL actions."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Silverstripe | Silverstripe | 2.3.0 |
Related Weaknesses (CWE)
References
- http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4 (Exploit, Patch, Vendor Advisory)
- http://open.silverstripe.org/changeset/114444 (Exploit, Patch)
- http://secunia.com/advisories/42346 (Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2011/01/03/12
- http://www.openwall.com/lists/oss-security/2012/04/30/1
- http://www.openwall.com/lists/oss-security/2012/04/30/3
- http://www.openwall.com/lists/oss-security/2012/05/01/3
- http://www.osvdb.org/69886
- http://www.securityfocus.com/bid/45367
- https://exchange.xforce.ibmcloud.com/vulnerabilities/63988
FAQ
What is CVE-2010-4823?
CVE-2010-4823 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is n...
How severe is CVE-2010-4823?
CVE-2010-4823 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4823?
Check the references section above for vendor advisories and patch information. Affected products include: Silverstripe Silverstripe.