silverstripeCMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2010-4823
Reference:
CVE-2010-4823
Title:
silverstripeCMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 when custom error handling is not used allows remote attackers to inject arbitrary web script or HTML via quotmissing URL actions.quot