Silverstripe : Security Vulnerabilities, CVEs, Published In 2013 (XSS)
Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php; or the (4) FirstName or (5) Surname parameter to code/forms/ShopAccountForm.php.
Max CVSS
4.3
EPSS Score
0.11%
Published
2013-08-09
Updated
2013-08-13
1 vulnerabilities found