|
Description
|
|
Two vulnerabilities have been discovered in SilverStripe, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks.
1) Input appended to the URL via e.g. admin/reports/ is not properly sanitised in the "process()" function in sapphire/core/SSViewer.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Successful exploitation requires that the victim uses a browser that does not URL-encode the request (e.g. Internet Explorer 6).
2) An error within the implementation of access permissions does not properly verify requests to change a user's assigned groups. This can be exploited to add a user to the "Administrators" group.
Successful exploitation requires "Access to all CMS sections" and "Manage permissions for groups" privileges.
The vulnerabilities are confirmed in version 2.4.5. Prior versions may also be affected.
|
