CVE-2010-4823

SilverStripe <2.3.10-2.4.4 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via "missing URL actions."

References (10)

Scores

EPSS 0.0073
EPSS Percentile 72.4%

Classification

CWE
CWE-79
Status published

Affected Products (15)

silverstripe/silverstripe
silverstripe/silverstripe
silverstripe/silverstripe
silverstripe/silverstripe
silverstripe/silverstripe
silverstripe/silverstripe
silverstripe/silverstripe
silverstripe/silverstripe
silverstripe/silverstripe
silverstripe/silverstripe
silverstripe/silverstripe
silverstripe/silverstripe
silverstripe/silverstripe
silverstripe/silverstripe
n/a/n/a

Timeline

Published Sep 17, 2012
Tracked Since Feb 18, 2026