Back to all zero days
Reflected Cross-Site Scripting (XSS) in SilverStripe CMS & Framework
Nov 5, 2015
Proof of concept: (POC)
Issue 1: The POST Request of the variable Locale in the new member form is vulnerable to XSS.
Figure 1: XSS payload was injected in the Locale variable.
Figure 2: Injected payload was executed in the browser
Issue 2: The POST Request of the variable FailedLoginCount in the new member form is vulnerable to XSS
Figure 01: XSS payload is injected in the Locale variable.
Figure 02: Injected payload was executed in the browser
∙ User’s session cookie & end-user files disclosure.
∙ Hijack the user’s session & take over the account.
∙ Installation of Trojan horse programs.
∙ Redirection of the user to some other page or site.
∙ Modification to the presentation of content
Download the patch release advised as per the vendor.
Nov 05, 2015: Vulnerability Disclosure in SilverStripe CMS & Framework and Reported
Nov 11, 2015: Vendor Response
Nov 16, 2015: Vendor Released Fix
Dec 12, 2015: Public disclosed
Dec 17, 2015: CVE Assigned
Cyber Security Works Pvt. Ltd.
- Affected VendorSilverStripe
- Bug NameReflected Cross-Site Scripting (XSS)
- CVE NumberCVE-2015-8606
- CWE IDCWE - 79
- CSW ID2015-CSW-09-1009
- CVSSv3 Score6.1
- Affected Version3.2.0
- Affected ProductSilverStripe