CVE-2012-4968
Description
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) URL method in a template, different vectors than CVE-2012-0976.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| silverstripe/framework (Packagist) | >= 2.3, < 2.3.13 | 2.3.13 |
| silverstripe/framework (Packagist) | >= 2.4, < 2.4.7 | 2.4.7 |
Affected products
- cpe:2.3:a:silverstripe:silverstripe:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:silverstripe:silverstripe:2.4.6:*:*:*:*:*:*:*
Patches
0085876 BUGFIX Casting return values on text helper methods in StringField, Text, Varchar
6 files changed · +97 −3
core/model/fieldtypes/HTMLText.php+20 −1 modified@@ -28,6 +28,25 @@ function LimitCharacters($limit = 20, $add = "...") { return (strlen($value) > $limit) ? substr($value, 0, $limit) . $add : $value; } + static $casting = array( + "AbsoluteLinks" => "HTMLText", + "BigSummary" => "HTMLText", + "ContextSummary" => "HTMLText", + "FirstParagraph" => "HTMLText", + "FirstSentence" => "HTMLText", + "LimitCharacters" => "HTMLText", + "LimitSentences" => "HTMLText", + "Lower" => "HTMLText", + "LowerCase" => "HTMLText", + "Summary" => "HTMLText", + "Upper" => "HTMLText", + "UpperCase" => "HTMLText", + 'EscapeXML' => 'HTMLText', + 'LimitWordCount' => 'HTMLText', + 'LimitWordCountXML' => 'HTMLText', + 'NoHTML' => 'Text', + ); + /** * Create a summary of the content. This will be some section of the first paragraph, limited by * $maxWords. All internal tags are stripped out - the return value is a string @@ -133,4 +152,4 @@ public function scaffoldSearchField($title = null) { } -?> \ No newline at end of file +?>
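Review bot: `"LimitCharacters" => "HTMLText"` declares the result of the LimitCharacters method shown at the top of this hunk as trusted markup, but the visible tail of that method truncates `$value` with a byte-wise `substr` and returns it with no escaping; the head of the method is above the hunk, so I cannot see whether `$value` still contains tags at that point. Under either reading casting it as `Text` (which is what StringField does for the same helper in this commit) is the safer choice: if tags survive, a cut inside a tag or attribute yields unbalanced markup that the template layer now emits unescaped, and if they were stripped and entities decoded first, the result is plain text that should be escaped on output. The same entry is repeated in the HTMLText.php sections of the other two listings on this page. The array would also benefit from a short comment on the rule it encodes, e.g. `// Helpers that return markup are cast HTMLText; NoHTML strips tags, so its result is escaped as Text.`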
core/model/fieldtypes/StringField.php+6 −0 modified@@ -9,6 +9,12 @@ abstract class StringField extends DBField { protected $nullifyEmpty = true; + static $casting = array( + "LimitCharacters" => "Text", + "Lower" => "Text", + "Upper" => "Text", + ); + /** * Construct a string type field with a set of optional parameters * @param $name string The name of the field
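Review bot: The three entries added here (`LimitCharacters`, `Lower`, `Upper`) only take effect for Varchar if the framework merges static `$casting` up the class hierarchy, and Varchar's own array in this commit lists just `Initial` and `URL`; if a subclass declaration replaces the parent's rather than extending it, Varchar's LimitCharacters/Lower/Upper output stays uncast and the fix is incomplete for that type. How `$casting` is combined is not visible on this page, so this is worth confirming against the casting lookup in the template layer, or sidestepping by listing the entries in Varchar's array as the 2.3 commit further down does for `LimitCharacters`. The same applies to the StringField and Varchar sections of the second listing of this commit.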
core/model/fieldtypes/Text.php+13 −1 modified@@ -17,8 +17,20 @@ * @subpackage model */ class Text extends StringField { + static $casting = array( - "AbsoluteLinks" => "HTMLText", + "AbsoluteLinks" => "Text", + "BigSummary" => "Text", + "ContextSummary" => "Text", + "FirstParagraph" => "Text", + "FirstSentence" => "Text", + "LimitCharacters" => "Text", + "LimitSentences" => "Text", + "Summary" => "Text", + 'EscapeXML' => 'Text', + 'LimitWordCount' => 'Text', + 'LimitWordCountXML' => 'HTMLText', + 'NoHTML' => 'Text', ); /**
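Review bot: `'EscapeXML' => 'Text'` is inconsistent with the HTMLText section of this commit, which casts the same helper as `HTMLText`, and with this array's own `'LimitWordCountXML' => 'HTMLText'`; if EscapeXML returns an already-escaped string, as its name suggests, casting it as Text escapes it a second time in templates (`&` would render as `&amp;amp;`). Unless double escaping is intended, `'EscapeXML' => 'HTMLText',` matches the other file, and the reason the two `...XML` helpers differ from their plain siblings deserves a one-line comment, e.g. `// *XML helpers already escape their result, so they are not escaped again on output`. The same entry appears in the Text.php sections of the other two listings on this page.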
core/model/fieldtypes/Varchar.php+5 −0 modified@@ -10,6 +10,11 @@ * @subpackage model */ class Varchar extends StringField { + + static $casting = array( + "Initial" => "Text", + "URL" => "Text", + ); protected $size;
tests/fieldtypes/HTMLTextTest.php+28 −0 modified@@ -102,5 +102,33 @@ function testFirstSentence() { $this->assertEquals($match, $textObj->FirstSentence()); } } + + public function testRAW() { + $data = DBField::create('HTMLText', 'This & This'); + $this->assertEquals($data->RAW(), 'This & This'); + + $data = DBField::create('HTMLText', 'This & This'); + $this->assertEquals($data->RAW(), 'This & This'); + } + + public function testXML() { + $data = DBField::create('HTMLText', 'This & This'); + $this->assertEquals($data->XML(), 'This & This'); + } + + public function testHTML() { + $data = DBField::create('HTMLText', 'This & This'); + $this->assertEquals($data->HTML(), 'This & This'); + } + + public function testJS() { + $data = DBField::create('HTMLText', '"this is a test"'); + $this->assertEquals($data->JS(), '\"this is a test\"'); + } + + public function testATT() { + $data = DBField::create('HTMLText', '"this is a test"'); + $this->assertEquals($data->ATT(), '"this is a test"'); + } } ?> \ No newline at end of file
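Review bot: None of the added tests exercise the change this commit makes: they call the DBField escaping methods (RAW/XML/HTML/JS/ATT) on a value from `DBField::create` and never invoke any helper whose `$casting` entry was added (Summary, LimitCharacters, Lower, …), so a regression in the casting table would pass this suite; a test that renders a helper such as `$Text.LimitCharacters` through a template with a value containing `<` and asserts the escaped output would cover the actual fix. Two smaller points: `assertEquals` takes (expected, actual) and every call here passes them reversed, which mislabels failure output, and `testRAW` repeats the same two lines verbatim. The expected strings for `XML()`/`HTML()` look entity-collapsed by the page renderer, so I cannot tell whether the Text variants really assert `&amp;`. The enclosing test class starts above the hunk; the same points apply to the TextTest.php section below and to the test sections of the other two listings on this page.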
tests/fieldtypes/TextTest.php+25 −1 modified@@ -142,6 +142,30 @@ function testContextSummary() { 'A dog <span class="highlight">ate</span> a cat while looking at a Foobar', $textObj->ContextSummary(100, $testKeyword3a) ); - } + + public function testRAW() { + $data = DBField::create('Text', 'This & This'); + $this->assertEquals($data->RAW(), 'This & This'); + } + + public function testXML() { + $data = DBField::create('Text', 'This & This'); + $this->assertEquals($data->XML(), 'This & This'); + } + + public function testHTML() { + $data = DBField::create('Text', 'This & This'); + $this->assertEquals($data->HTML(), 'This & This'); + } + + public function testJS() { + $data = DBField::create('Text', '"this is a test"'); + $this->assertEquals($data->JS(), '\"this is a test\"'); + } + + public function testATT() { + $data = DBField::create('Text', '"this is a test"'); + $this->assertEquals($data->ATT(), '"this is a test"'); + } } \ No newline at end of file
0085876495f0 BUGFIX Casting return values on text helper methods in StringField, Text, Varchar
6 files changed · +97 −3
core/model/fieldtypes/HTMLText.php+20 −1 modified@@ -28,6 +28,25 @@ function LimitCharacters($limit = 20, $add = "...") { return (strlen($value) > $limit) ? substr($value, 0, $limit) . $add : $value; } + static $casting = array( + "AbsoluteLinks" => "HTMLText", + "BigSummary" => "HTMLText", + "ContextSummary" => "HTMLText", + "FirstParagraph" => "HTMLText", + "FirstSentence" => "HTMLText", + "LimitCharacters" => "HTMLText", + "LimitSentences" => "HTMLText", + "Lower" => "HTMLText", + "LowerCase" => "HTMLText", + "Summary" => "HTMLText", + "Upper" => "HTMLText", + "UpperCase" => "HTMLText", + 'EscapeXML' => 'HTMLText', + 'LimitWordCount' => 'HTMLText', + 'LimitWordCountXML' => 'HTMLText', + 'NoHTML' => 'Text', + ); + /** * Create a summary of the content. This will be some section of the first paragraph, limited by * $maxWords. All internal tags are stripped out - the return value is a string @@ -133,4 +152,4 @@ public function scaffoldSearchField($title = null) { } -?> \ No newline at end of file +?>
core/model/fieldtypes/StringField.php+6 −0 modified@@ -9,6 +9,12 @@ abstract class StringField extends DBField { protected $nullifyEmpty = true; + static $casting = array( + "LimitCharacters" => "Text", + "Lower" => "Text", + "Upper" => "Text", + ); + /** * Construct a string type field with a set of optional parameters * @param $name string The name of the field
core/model/fieldtypes/Text.php+13 −1 modified@@ -17,8 +17,20 @@ * @subpackage model */ class Text extends StringField { + static $casting = array( - "AbsoluteLinks" => "HTMLText", + "AbsoluteLinks" => "Text", + "BigSummary" => "Text", + "ContextSummary" => "Text", + "FirstParagraph" => "Text", + "FirstSentence" => "Text", + "LimitCharacters" => "Text", + "LimitSentences" => "Text", + "Summary" => "Text", + 'EscapeXML' => 'Text', + 'LimitWordCount' => 'Text', + 'LimitWordCountXML' => 'HTMLText', + 'NoHTML' => 'Text', ); /**
core/model/fieldtypes/Varchar.php+5 −0 modified@@ -10,6 +10,11 @@ * @subpackage model */ class Varchar extends StringField { + + static $casting = array( + "Initial" => "Text", + "URL" => "Text", + ); protected $size;
tests/fieldtypes/HTMLTextTest.php+28 −0 modified@@ -102,5 +102,33 @@ function testFirstSentence() { $this->assertEquals($match, $textObj->FirstSentence()); } } + + public function testRAW() { + $data = DBField::create('HTMLText', 'This & This'); + $this->assertEquals($data->RAW(), 'This & This'); + + $data = DBField::create('HTMLText', 'This & This'); + $this->assertEquals($data->RAW(), 'This & This'); + } + + public function testXML() { + $data = DBField::create('HTMLText', 'This & This'); + $this->assertEquals($data->XML(), 'This & This'); + } + + public function testHTML() { + $data = DBField::create('HTMLText', 'This & This'); + $this->assertEquals($data->HTML(), 'This & This'); + } + + public function testJS() { + $data = DBField::create('HTMLText', '"this is a test"'); + $this->assertEquals($data->JS(), '\"this is a test\"'); + } + + public function testATT() { + $data = DBField::create('HTMLText', '"this is a test"'); + $this->assertEquals($data->ATT(), '"this is a test"'); + } } ?> \ No newline at end of file
tests/fieldtypes/TextTest.php+25 −1 modified@@ -142,6 +142,30 @@ function testContextSummary() { 'A dog <span class="highlight">ate</span> a cat while looking at a Foobar', $textObj->ContextSummary(100, $testKeyword3a) ); - } + + public function testRAW() { + $data = DBField::create('Text', 'This & This'); + $this->assertEquals($data->RAW(), 'This & This'); + } + + public function testXML() { + $data = DBField::create('Text', 'This & This'); + $this->assertEquals($data->XML(), 'This & This'); + } + + public function testHTML() { + $data = DBField::create('Text', 'This & This'); + $this->assertEquals($data->HTML(), 'This & This'); + } + + public function testJS() { + $data = DBField::create('Text', '"this is a test"'); + $this->assertEquals($data->JS(), '\"this is a test\"'); + } + + public function testATT() { + $data = DBField::create('Text', '"this is a test"'); + $this->assertEquals($data->ATT(), '"this is a test"'); + } } \ No newline at end of file
15e9e059e594 BUGFIX Casting return values on text helper methods in StringField, Text, Varchar
5 files changed · +97 −4
core/model/fieldtypes/HTMLText.php+23 −1 modified@@ -22,6 +22,28 @@ function LimitCharacters($limit = 20, $add = "...") { return (strlen($value) > $limit) ? substr($value, 0, $limit) . $add : $value; } + static $casting = array( + "AbsoluteLinks" => "HTMLText", + "BigSummary" => "HTMLText", + "ContextSummary" => "HTMLText", + "FirstParagraph" => "HTMLText", + "FirstSentence" => "HTMLText", + "LimitCharacters" => "HTMLText", + "LimitSentences" => "HTMLText", + "LimitWordCount" => "HTMLText", + "LimitWordCountXML" => "HTMLText", + "LimitWordCountPlainText" => "Text", + "Lower" => "HTMLText", + "LowerCase" => "HTMLText", + "Summary" => "HTMLText", + "Upper" => "HTMLText", + "UpperCase" => "HTMLText", + 'EscapeXML' => 'HTMLText', + 'LimitWordCount' => 'HTMLText', + 'LimitWordCountXML' => 'HTMLText', + 'NoHTML' => 'Text', + ); + /** * Create a summary of the content. This will be some section of the first paragraph, limited by * $maxWords. All internal tags are stripped out - the return value is a string @@ -117,4 +139,4 @@ public function scaffoldSearchField($title = null) { } -?> \ No newline at end of file +?>
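Review bot: `"LimitWordCount"` and `"LimitWordCountXML"` are each listed twice in this array (double-quoted near the top, single-quoted near the end); PHP keeps the last value for a duplicated key, so the first pair is dead and should be dropped. In the Text.php section of this same commit the duplicated `LimitWordCountXML` entries disagree (`"Text"` first, `'HTMLText'` last), so the effective cast is HTMLText and the `"Text"` line silently loses; whichever is intended should be kept on its own and the other removed, since a reader of the first entry would otherwise assume the opposite behaviour.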
core/model/fieldtypes/Text.php+15 −1 modified@@ -6,7 +6,21 @@ */ class Text extends DBField { static $casting = array( - "AbsoluteLinks" => "HTMLText", + "AbsoluteLinks" => "Text", + "BigSummary" => "Text", + "ContextSummary" => "Text", + "FirstParagraph" => "Text", + "FirstSentence" => "Text", + "LimitCharacters" => "Text", + "LimitSentences" => "Text", + "LimitWordCount" => "Text", + "LimitWordCountXML" => "Text", + "LimitWordCountPlainText" => "Text", + "Summary" => "Text", + 'EscapeXML' => 'Text', + 'LimitWordCount' => 'Text', + 'LimitWordCountXML' => 'HTMLText', + 'NoHTML' => 'Text', ); function requireField() {
core/model/fieldtypes/Varchar.php+6 −0 modified@@ -5,6 +5,12 @@ * @subpackage model */ class Varchar extends DBField { + + static $casting = array( + "Initial" => "Text", + "URL" => "Text", + "LimitCharacters" => "Text", + ); protected $size;
tests/fieldtypes/HTMLTextTest.php+28 −0 modified@@ -102,5 +102,33 @@ function testFirstSentence() { $this->assertEquals($match, $textObj->FirstSentence()); } } + + public function testRAW() { + $data = DBField::create('HTMLText', 'This & This'); + $this->assertEquals($data->RAW(), 'This & This'); + + $data = DBField::create('HTMLText', 'This & This'); + $this->assertEquals($data->RAW(), 'This & This'); + } + + public function testXML() { + $data = DBField::create('HTMLText', 'This & This'); + $this->assertEquals($data->XML(), 'This & This'); + } + + public function testHTML() { + $data = DBField::create('HTMLText', 'This & This'); + $this->assertEquals($data->HTML(), 'This & This'); + } + + public function testJS() { + $data = DBField::create('HTMLText', '"this is a test"'); + $this->assertEquals($data->JS(), '\"this is a test\"'); + } + + public function testATT() { + $data = DBField::create('HTMLText', '"this is a test"'); + $this->assertEquals($data->ATT(), '"this is a test"'); + } } ?> \ No newline at end of file
tests/fieldtypes/TextTest.php+25 −2 modified@@ -84,7 +84,30 @@ function testContextSummary() { 'This is <span class="highlight">some</span> <span class="highlight">test</span> text. <span class="highlight">test</span> <span class="highlight">test</span> what if you have', $textObj->ContextSummary(50, $testKeywords2) ); + } + + public function testRAW() { + $data = DBField::create('Text', 'This & This'); + $this->assertEquals($data->RAW(), 'This & This'); } -} -?> \ No newline at end of file + public function testXML() { + $data = DBField::create('Text', 'This & This'); + $this->assertEquals($data->XML(), 'This & This'); + } + + public function testHTML() { + $data = DBField::create('Text', 'This & This'); + $this->assertEquals($data->HTML(), 'This & This'); + } + + public function testJS() { + $data = DBField::create('Text', '"this is a test"'); + $this->assertEquals($data->JS(), '\"this is a test\"'); + } + + public function testATT() { + $data = DBField::create('Text', '"this is a test"'); + $this->assertEquals($data->ATT(), '"this is a test"'); + } +} \ No newline at end of file
Vulnerability mechanics
According to the fix commits listed above, the text helper methods named in the description (Summary, LimitCharacters, Lower, NoHTML, …) on the Text, HTMLText, Varchar and StringField field types had no `$casting` entry, so the template layer had no declared return type for them and their output reached the page without the usual escaping. The patches add a `static $casting` map to each field type that declares every helper's return type (`Text` for plain-text results, `HTMLText` only where the result is markup), so that values rendered through these helpers in a template are escaped according to that type.
References
- github.com/silverstripe/sapphire/commit/0085876 — nvd: Exploit, Patch (WEB)
- doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7 — nvd: Vendor Advisory (WEB)
- github.com/advisories/GHSA-v358-rvxr-wffx — ghsa (ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2012-4968 — ghsa (ADVISORY)
- doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13 — nvd (WEB)
- www.openwall.com/lists/oss-security/2012/04/30/1 — nvd (WEB)
- www.openwall.com/lists/oss-security/2012/04/30/3 — nvd (WEB)
- github.com/silverstripe/silverstripe-framework/commit/0085876495f0f8dda5dc58cb24a8f2220e7baf1e — ghsa (WEB)
- github.com/silverstripe/silverstripe-framework/commit/15e9e059e5948ccf8f5a36dfcb435ad26ecec334 — ghsa (WEB)
News mentions
No linked articles in our index yet.