Low severityNVD Advisory· Published Apr 28, 2010· Updated Apr 29, 2026

CVE-2010-1593

Description

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka the search script).

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
silverstripe/cmsPackagist	< 2.3.5	2.3.5
silverstripe/frameworkPackagist	< 2.3.5	2.3.5

Affected products

Silverstripe/Silverstripe19 versions
cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*range: <=2.3.4
- cpe:2.3:a:silverstripe:silverstripe:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

groups.google.com/group/silverstripe-announce/browse_thread/thread/f51749342eee9456nvdPatchWEB
www.securityfocus.com/bid/37923nvdPatch
www.silverstripe.org/security-releases/nvdPatchVendor Advisory
archives.neohapsis.com/archives/fulldisclosure/2010-01/0450.htmlnvdExploitWEB
open.silverstripe.org/changeset/97074nvdExploitPatchWEB
secunia.com/advisories/38290nvdVendor Advisory
secunia.com/advisories/38347nvdVendor Advisory
github.com/advisories/GHSA-wg4m-vvp6-2hc5ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2010-1593ghsaADVISORY
open.silverstripe.org/wiki/ChangeLog/2.3.5nvdWEB
www.silverstripe.org/security-releasesghsaWEB
exchange.xforce.ibmcloud.com/vulnerabilities/55838nvdWEB
exchange.xforce.ibmcloud.com/vulnerabilities/55839nvdWEB
web.archive.org/web/20200228222759/https://www.securityfocus.com/bid/37923ghsaWEB
web.archive.org/web/20201208002434/http://www.securityfocus.com/archive/1/509139/100/0/threadedghsaWEB
osvdb.org/61921nvd
osvdb.org/61923nvd
www.securityfocus.com/archive/1/509139/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.065
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000