CVE-2015-8606: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
(updated )
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm.
References
- seclists.org/fulldisclosure/2015/Dec/55
- www.openwall.com/lists/oss-security/2015/12/17/1
- www.openwall.com/lists/oss-security/2015/12/17/11
- www.openwall.com/lists/oss-security/2015/12/18/5
- www.silverstripe.org/download/security-releases/ss-2015-026
- cybersecurityworks.com/zerodays/cve-2015-8606-silverstripe.html
- github.com/advisories/GHSA-gvc8-xjfp-6569
- nvd.nist.gov/vuln/detail/CVE-2015-8606
Detect and mitigate CVE-2015-8606 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →