SilverStripe 2.4.6

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:silverstripe:silverstripe:2.4.6:*:*:*:*:*:*:*

part: a version: 2.4.6 update: *

VendorSilverstripe (fb3ee4e6-70c4-5017-82a7-81441bb33bd1)
ProductSilverstripe (a3b26fc2-6e91-5c07-b521-62f2382ac950)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/silverstripe/silverstripe-cms purl2cpe 2026-06-01 10:14:20.994077

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2012-4968 vulnerable 2026-06-03 14:32:26.395974 Details available
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) URL method in a template, different vectors than CVE-2012-0976.
Published: 2012-09-17T17:00:00.000Z
Updated: 2024-09-16T19:11:05.166Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-0976 vulnerable 2026-06-03 14:31:40.666195 Details available
Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information.
Published: 2012-02-02T17:00:00.000Z
Updated: 2024-08-06T18:45:26.073Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.