CVE-2010-1593

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka the search script).

• CWE-79

• http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0450.htmlExploit
• http://groups.google.com/group/silverstripe-announce/browse_thread/thread/f51749342eee9456Patch
• http://open.silverstripe.org/changeset/97074Exploit, Patch
• http://open.silverstripe.org/wiki/ChangeLog/2.3.5
• http://osvdb.org/61921
• http://osvdb.org/61923
• http://secunia.com/advisories/38290Vendor Advisory
• http://secunia.com/advisories/38347Vendor Advisory
• http://www.securityfocus.com/archive/1/509139/100/0/threaded
• http://www.securityfocus.com/bid/37923Patch
• http://www.silverstripe.org/security-releases/Patch, Vendor Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/55838
• https://exchange.xforce.ibmcloud.com/vulnerabilities/55839
• http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0450.htmlExploit
• http://groups.google.com/group/silverstripe-announce/browse_thread/thread/f51749342eee9456Patch
• http://open.silverstripe.org/changeset/97074Exploit, Patch
• http://open.silverstripe.org/wiki/ChangeLog/2.3.5
• http://osvdb.org/61921
• http://osvdb.org/61923
• http://secunia.com/advisories/38290Vendor Advisory
• http://secunia.com/advisories/38347Vendor Advisory
• http://www.securityfocus.com/archive/1/509139/100/0/threaded
• http://www.securityfocus.com/bid/37923Patch
• http://www.silverstripe.org/security-releases/Patch, Vendor Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/55838
• https://exchange.xforce.ibmcloud.com/vulnerabilities/55839

Published

Apr 28, 2010

Last Modified

Jun 16, 2026

Status

Modified