Medium severity6.1NVD Advisory· Published Apr 13, 2016· Updated May 6, 2026
CVE-2015-8606
CVE-2015-8606
Description
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
silverstripe/cmsPackagist | < 3.1.16 | 3.1.16 |
silverstripe/cmsPackagist | >= 3.2.0, < 3.2.1 | 3.2.1 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.silverstripe.org/download/security-releases/ss-2015-026nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-gvc8-xjfp-6569ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-8606ghsaADVISORY
- seclists.org/fulldisclosure/2015/Dec/55nvdWEB
- www.openwall.com/lists/oss-security/2015/12/17/1nvdWEB
- www.openwall.com/lists/oss-security/2015/12/17/11nvdWEB
- www.openwall.com/lists/oss-security/2015/12/18/5nvdWEB
- cybersecurityworks.com/zerodays/cve-2015-8606-silverstripe.htmlnvdWEB
News mentions
0No linked articles in our index yet.