CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-6458

Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php; or the (4) FirstName or (5) Surname parameter to code/forms/ShopAccountForm.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.2%

CVSS Severity

CVSS v2 Score 4.3

References

http://archives.neohapsis.com/archives/bugtraq/2013-07/0090.html
https://code.google.com/p/silverstripe-ecommerce/source/detail?r=3739
http://archives.neohapsis.com/archives/bugtraq/2013-07/0090.html
https://code.google.com/p/silverstripe-ecommerce/source/detail?r=3739

Products affected by CVE-2012-6458

Silverstripe » Silverstripe » Version: 3.0.0

cpe:2.3:a:silverstripe:silverstripe:3.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-6458

Products

Pricing

Contact Us