CVE-2011-4958
SilverStripe < 2.3.13 and 2.4.x < 2.4.6 - Cross-Site Scripting via QUERY_STRING to Template Placeholders
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2011-4958. PoCs published by Stefan Schurtz.
AI-analyzed exploit summary This exploit demonstrates multiple reflected XSS vulnerabilities in SilverStripe 2.4.5 by injecting malicious JavaScript payloads into various admin endpoints. The payloads are designed to execute arbitrary script code in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/.
Exploits (1)
This exploit demonstrates multiple reflected XSS vulnerabilities in SilverStripe 2.4.5 by injecting malicious JavaScript payloads into various admin endpoints. The payloads are designed to execute arbitrary script code in the context of the affected site.