
SilverStripe < 2.3.6 Multiple Vulnerabilities



The remote web server is hosting an application that is vulnerable to multiple attack vectors.


The remote web server is hosting SilverStripe CMS. The installed version of SilverStripe is earlier than 2.3.6. Such versions are potentially affected by multiple vulnerabilities:

- A cross-site scripting vulnerability in the 'DataObjectSet' pagination.

- A cross-site scripting vulnerability in the 'user' parameter of the 'jsparty/jquery/plugins/validate/demo/form.php' script.

- An information disclosure vulnerability through 'profile_trace' and 'debug_profile' GET parameters. (98229, 98230)

- The 'sapphire/core/control/Director.php' script displays the output of the 'memory_get_peak_usage()' function in an insecure manner.


Upgrade to SilverStripe 2.3.6 or later.
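Until the upgrade is in place, web access logs can be reviewed for requests that touch the items listed above. The following is an added example, not part of the original advisory or of SilverStripe: it assumes common-log-format access logs, and the sample lines and finding labels are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Parameter and script names are taken from the advisory text.
DEBUG_PARAMS = {"profile_trace", "debug_profile"}
DEMO_SCRIPT = "jsparty/jquery/plugins/validate/demo/form.php"

# Constructed sample log lines (common log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /about-us/ HTTP/1.1" 200 5120
192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /?debug_profile=1 HTTP/1.1" 200 9120
192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /home/?start=10&profile_trace=1 HTTP/1.1" 200 9300
192.0.2.13 - - [01/Jan/2010:10:00:12 +0000] "GET /jsparty/jquery/plugins/validate/demo/form.php?user=test HTTP/1.1" 200 310
192.0.2.14 - - [01/Jan/2010:10:00:15 +0000] "GET /news/?page=debug_profile HTTP/1.1" 200 4000
"""

def request_target(line):
    """Return the request target from a log line, or None if malformed."""
    try:
        _method, target, _proto = line.split('"')[1].split(" ", 2)
    except (IndexError, ValueError):
        return None
    return target

def classify(target):
    """Return finding labels for one request target (empty list if clean)."""
    parts = urlsplit(target)
    # parse_qs percent-decodes names, so encoded variants still match.
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    hits = sorted(DEBUG_PARAMS & params.keys())  # match names, not values
    if hits:
        findings.append("debug-parameter:" + ",".join(hits))
    if unquote(parts.path).lstrip("/").endswith(DEMO_SCRIPT):
        findings.append("demo-script+user" if "user" in params else "demo-script")
    return findings

def scan(log_text):
    """Return (line_number, findings) for every flagged log line."""
    results = []
    for number, line in enumerate(log_text.splitlines(), 1):
        target = request_target(line)
        findings = classify(target) if target else []
        if findings:
            results.append((number, findings))
    return results

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, findings)
```

A hit on the demo script also indicates that the bundled jQuery validate demo directory is reachable from the web.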