Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/silverstripe/framework@4.12.0-rc1
Typecomposer
Namespacesilverstripe
Nameframework
Version4.12.0-rc1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.3.23
Latest_non_vulnerable_version6.0.0-alpha1
Affected_by_vulnerabilities
0
url VCID-4f9c-aun4-wfep
vulnerability_id VCID-4f9c-aun4-wfep
summary 
Missing Authorization
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22728
reference_id
reference_type
scores
0
value 0.00457
scoring_system epss
scoring_elements 0.63885
published_at 2026-04-02T12:55:00Z
1
value 0.00457
scoring_system epss
scoring_elements 0.63938
published_at 2026-04-16T12:55:00Z
2
value 0.00457
scoring_system epss
scoring_elements 0.63903
published_at 2026-04-13T12:55:00Z
3
value 0.00457
scoring_system epss
scoring_elements 0.63936
published_at 2026-04-12T12:55:00Z
4
value 0.00457
scoring_system epss
scoring_elements 0.63949
published_at 2026-04-11T12:55:00Z
5
value 0.00457
scoring_system epss
scoring_elements 0.63937
published_at 2026-04-09T12:55:00Z
6
value 0.00457
scoring_system epss
scoring_elements 0.63919
published_at 2026-04-08T12:55:00Z
7
value 0.00457
scoring_system epss
scoring_elements 0.63869
published_at 2026-04-07T12:55:00Z
8
value 0.00457
scoring_system epss
scoring_elements 0.63911
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22728
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/
url https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58
4
reference_url https://www.silverstripe.org/download/security-releases/cve-2023-22728
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2023-22728
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22728
reference_id CVE-2023-22728
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22728
6
reference_url https://github.com/advisories/GHSA-jh3w-6jp2-vqqm
reference_id GHSA-jh3w-6jp2-vqqm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jh3w-6jp2-vqqm
7
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm
reference_id GHSA-jh3w-6jp2-vqqm
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm
fixed_packages
0
url pkg:composer/silverstripe/framework@4.12.5
purl pkg:composer/silverstripe/framework@4.12.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5pkg-j4wg-7fcn
1
vulnerability VCID-6epx-c68d-d7bv
2
vulnerability VCID-86yd-4mkt-hydr
3
vulnerability VCID-a3yc-fxa1-gfhy
4
vulnerability VCID-axxx-gpfn-mqc9
5
vulnerability VCID-kak1-btjp-kqgz
6
vulnerability VCID-kvhv-9fj5-7kgk
7
vulnerability VCID-kw9p-5fbc-hudg
8
vulnerability VCID-qjgf-hxng-j3g9
9
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5
aliases CVE-2023-22728, GHSA-jh3w-6jp2-vqqm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9c-aun4-wfep
1
url VCID-5pkg-j4wg-7fcn
vulnerability_id VCID-5pkg-j4wg-7fcn
summary 
Improper Input Validation
Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml
1
reference_url https://github.com/github/advisory-database/pull/2575
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/2575
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4
4
reference_url https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14
5
reference_url https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13
6
reference_url https://www.silverstripe.org/download/security-releases/CVE-2023-32302
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2023-32302
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32302
reference_id CVE-2023-32302
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32302
8
reference_url https://github.com/advisories/GHSA-36xx-7vf6-7mv3
reference_id GHSA-36xx-7vf6-7mv3
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-36xx-7vf6-7mv3
9
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3
reference_id GHSA-36xx-7vf6-7mv3
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3
fixed_packages
0
url pkg:composer/silverstripe/framework@4.13.14
purl pkg:composer/silverstripe/framework@4.13.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6epx-c68d-d7bv
1
vulnerability VCID-86yd-4mkt-hydr
2
vulnerability VCID-a3yc-fxa1-gfhy
3
vulnerability VCID-axxx-gpfn-mqc9
4
vulnerability VCID-kak1-btjp-kqgz
5
vulnerability VCID-kvhv-9fj5-7kgk
6
vulnerability VCID-kw9p-5fbc-hudg
7
vulnerability VCID-qjgf-hxng-j3g9
8
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.14
1
url pkg:composer/silverstripe/framework@5.0.13
purl pkg:composer/silverstripe/framework@5.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6epx-c68d-d7bv
1
vulnerability VCID-86yd-4mkt-hydr
2
vulnerability VCID-a3yc-fxa1-gfhy
3
vulnerability VCID-axxx-gpfn-mqc9
4
vulnerability VCID-kak1-btjp-kqgz
5
vulnerability VCID-kvhv-9fj5-7kgk
6
vulnerability VCID-kw9p-5fbc-hudg
7
vulnerability VCID-qjgf-hxng-j3g9
8
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.0.13
aliases CVE-2023-32302, GHSA-36xx-7vf6-7mv3
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5pkg-j4wg-7fcn
2
url VCID-6epx-c68d-d7bv
vulnerability_id VCID-6epx-c68d-d7bv
summary 
Silverstripe Framework has a XSS in form messages
In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message.

Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability.

### References

- https://www.silverstripe.org/download/security-releases/cve-2024-53277

## Reported by

Leo Diamat from [Bastion Security Group](http://www.bastionsecurity.co.nz/)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53277
reference_id
reference_type
scores
0
value 0.01074
scoring_system epss
scoring_elements 0.77739
published_at 2026-04-04T12:55:00Z
1
value 0.01074
scoring_system epss
scoring_elements 0.77755
published_at 2026-04-09T12:55:00Z
2
value 0.01074
scoring_system epss
scoring_elements 0.7775
published_at 2026-04-08T12:55:00Z
3
value 0.01074
scoring_system epss
scoring_elements 0.77722
published_at 2026-04-07T12:55:00Z
4
value 0.01074
scoring_system epss
scoring_elements 0.77712
published_at 2026-04-02T12:55:00Z
5
value 0.01074
scoring_system epss
scoring_elements 0.77801
published_at 2026-04-16T12:55:00Z
6
value 0.01074
scoring_system epss
scoring_elements 0.77765
published_at 2026-04-13T12:55:00Z
7
value 0.01074
scoring_system epss
scoring_elements 0.77781
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53277
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/
url https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00
4
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53277
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53277
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2024-53277
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/
url https://www.silverstripe.org/download/security-releases/cve-2024-53277
7
reference_url https://github.com/advisories/GHSA-ff6q-3c9c-6cf5
reference_id GHSA-ff6q-3c9c-6cf5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ff6q-3c9c-6cf5
fixed_packages
0
url pkg:composer/silverstripe/framework@5.3.8
purl pkg:composer/silverstripe/framework@5.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3yc-fxa1-gfhy
1
vulnerability VCID-qjgf-hxng-j3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8
1
url pkg:composer/silverstripe/framework@6.0.0-alpha1
purl pkg:composer/silverstripe/framework@6.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1
aliases CVE-2024-53277, GHSA-ff6q-3c9c-6cf5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6epx-c68d-d7bv
3
url VCID-86yd-4mkt-hydr
vulnerability_id VCID-86yd-4mkt-hydr
summary 
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
### Impact
If a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user.

**Base CVSS:** [4.3](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C&version=3.1)
**Reported by:** Nick K - LittleMonkey, [littlemonkey.co.nz](http://littlemonkey.co.nz/)

### References
- https://www.silverstripe.org/download/security-releases/CVE-2023-48714
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-48714
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45359
published_at 2026-04-02T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45422
published_at 2026-04-16T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.45371
published_at 2026-04-13T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.45369
published_at 2026-04-12T12:55:00Z
4
value 0.00226
scoring_system epss
scoring_elements 0.454
published_at 2026-04-11T12:55:00Z
5
value 0.00226
scoring_system epss
scoring_elements 0.45378
published_at 2026-04-09T12:55:00Z
6
value 0.00226
scoring_system epss
scoring_elements 0.45323
published_at 2026-04-07T12:55:00Z
7
value 0.00226
scoring_system epss
scoring_elements 0.45379
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-48714
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-48714
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-48714
5
reference_url https://www.silverstripe.org/download/security-releases/CVE-2023-48714
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/
url https://www.silverstripe.org/download/security-releases/CVE-2023-48714
6
reference_url https://github.com/advisories/GHSA-qm2j-qvq3-j29v
reference_id GHSA-qm2j-qvq3-j29v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qm2j-qvq3-j29v
fixed_packages
0
url pkg:composer/silverstripe/framework@4.13.39
purl pkg:composer/silverstripe/framework@4.13.39
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6epx-c68d-d7bv
1
vulnerability VCID-a3yc-fxa1-gfhy
2
vulnerability VCID-axxx-gpfn-mqc9
3
vulnerability VCID-kak1-btjp-kqgz
4
vulnerability VCID-kvhv-9fj5-7kgk
5
vulnerability VCID-kw9p-5fbc-hudg
6
vulnerability VCID-qjgf-hxng-j3g9
7
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.39
1
url pkg:composer/silverstripe/framework@5.1.11
purl pkg:composer/silverstripe/framework@5.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6epx-c68d-d7bv
1
vulnerability VCID-a3yc-fxa1-gfhy
2
vulnerability VCID-axxx-gpfn-mqc9
3
vulnerability VCID-kak1-btjp-kqgz
4
vulnerability VCID-kvhv-9fj5-7kgk
5
vulnerability VCID-kw9p-5fbc-hudg
6
vulnerability VCID-qjgf-hxng-j3g9
7
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.1.11
aliases CVE-2023-48714, GHSA-qm2j-qvq3-j29v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86yd-4mkt-hydr
4
url VCID-a3yc-fxa1-gfhy
vulnerability_id VCID-a3yc-fxa1-gfhy
summary 
Silverstripe Framework has a XSS vulnerability in HTML editor
### Impact

A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.

The server-side sanitisation logic has been updated to sanitise against this attack.

### Reported by

James Nicoll from Fujitsu Cyber

### References

- https://www.silverstripe.org/download/security-releases/cve-2025-30148
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-30148
reference_id
reference_type
scores
0
value 0.00167
scoring_system epss
scoring_elements 0.37948
published_at 2026-04-02T12:55:00Z
1
value 0.00167
scoring_system epss
scoring_elements 0.37914
published_at 2026-04-16T12:55:00Z
2
value 0.00167
scoring_system epss
scoring_elements 0.37901
published_at 2026-04-08T12:55:00Z
3
value 0.00167
scoring_system epss
scoring_elements 0.37851
published_at 2026-04-07T12:55:00Z
4
value 0.00167
scoring_system epss
scoring_elements 0.37974
published_at 2026-04-04T12:55:00Z
5
value 0.00167
scoring_system epss
scoring_elements 0.37868
published_at 2026-04-13T12:55:00Z
6
value 0.00167
scoring_system epss
scoring_elements 0.37893
published_at 2026-04-12T12:55:00Z
7
value 0.00167
scoring_system epss
scoring_elements 0.37929
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-30148
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/
url https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358
4
reference_url https://github.com/silverstripe/silverstripe-framework/pull/11682
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/pull/11682
5
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-30148
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-30148
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2025-30148
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/
url https://www.silverstripe.org/download/security-releases/cve-2025-30148
8
reference_url https://github.com/advisories/GHSA-rhx4-hvx9-j387
reference_id GHSA-rhx4-hvx9-j387
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rhx4-hvx9-j387
fixed_packages
0
url pkg:composer/silverstripe/framework@5.3.23
purl pkg:composer/silverstripe/framework@5.3.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.23
aliases CVE-2025-30148, GHSA-rhx4-hvx9-j387
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a3yc-fxa1-gfhy
5
url VCID-axxx-gpfn-mqc9
vulnerability_id VCID-axxx-gpfn-mqc9
summary 
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message
> [!IMPORTANT]
> This vulnerability only affects sites which are in the "dev" environment mode. If your production website is in "dev" mode, it has been misconfigured, and you should immediately swap it to "live" mode.
> See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.

If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.

## References

- https://www.silverstripe.org/download/security-releases/ss-2024-002

## Reported by

Gaurav Nayak from [Chaleit](https://chaleit.com/)
references
0
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
1
reference_url https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8
2
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q
3
reference_url https://www.silverstripe.org/download/security-releases/ss-2024-002
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2024-002
4
reference_url https://github.com/advisories/GHSA-mqf3-qpc3-g26q
reference_id GHSA-mqf3-qpc3-g26q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mqf3-qpc3-g26q
fixed_packages
0
url pkg:composer/silverstripe/framework@5.3.8
purl pkg:composer/silverstripe/framework@5.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3yc-fxa1-gfhy
1
vulnerability VCID-qjgf-hxng-j3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8
1
url pkg:composer/silverstripe/framework@6.0.0-alpha1
purl pkg:composer/silverstripe/framework@6.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1
aliases GHSA-mqf3-qpc3-g26q
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-axxx-gpfn-mqc9
6
url VCID-kak1-btjp-kqgz
vulnerability_id VCID-kak1-btjp-kqgz
summary 
Silverstripe uses TinyMCE which allows svg files linked in object tags
### Impact
TinyMCE v6 has a configuration value `convert_unsafe_embeds` set to `false` which allows svg files containing javascript to be used in `<object>` or `<embed>` tags, which can be used as a vector for XSS attacks.

Note that `<embed>` tags are not allowed by default.

After patching the default value of `convert_unsafe_embeds` will be set to `true`. This means that `<object>` tags will be converted to iframes instead the next time the page is saved, which may break any pages that rely upon previously saved `<object>` tags. Developers can override this configuration if desired to revert to the original behaviour.

We reviewed the potential impact of this vulnerability within the context of Silverstripe CMS. We concluded this is a medium impact vulnerability given how TinyMCE is used by Silverstripe CMS.

### References:
- https://www.silverstripe.org/download/security-releases/ss-2024-001
- https://github.com/advisories/GHSA-5359-pvf2-pw78
references
0
reference_url https://github.com/advisories/GHSA-5359-pvf2-pw78
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-5359-pvf2-pw78
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v
4
reference_url https://www.silverstripe.org/download/security-releases/ss-2024-001
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2024-001
5
reference_url https://github.com/advisories/GHSA-52cw-pvq9-9m5v
reference_id GHSA-52cw-pvq9-9m5v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-52cw-pvq9-9m5v
fixed_packages
0
url pkg:composer/silverstripe/framework@5.2.16
purl pkg:composer/silverstripe/framework@5.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6epx-c68d-d7bv
1
vulnerability VCID-a3yc-fxa1-gfhy
2
vulnerability VCID-axxx-gpfn-mqc9
3
vulnerability VCID-kvhv-9fj5-7kgk
4
vulnerability VCID-kw9p-5fbc-hudg
5
vulnerability VCID-qjgf-hxng-j3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16
aliases GHSA-52cw-pvq9-9m5v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kak1-btjp-kqgz
7
url VCID-kvhv-9fj5-7kgk
vulnerability_id VCID-kvhv-9fj5-7kgk
summary 
Silverstripe Framework has a XSS via insert media remote file oembed
### Impact

When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website.

## References

- https://www.silverstripe.org/download/security-releases/cve-2024-47605

## Reported by

James Nicoll from [Fujitsu Cyber Security Services](https://www.fujitsu.com/nz/services/security/)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47605
reference_id
reference_type
scores
0
value 0.0398
scoring_system epss
scoring_elements 0.88367
published_at 2026-04-04T12:55:00Z
1
value 0.0398
scoring_system epss
scoring_elements 0.88414
published_at 2026-04-16T12:55:00Z
2
value 0.0398
scoring_system epss
scoring_elements 0.884
published_at 2026-04-13T12:55:00Z
3
value 0.0398
scoring_system epss
scoring_elements 0.88408
published_at 2026-04-11T12:55:00Z
4
value 0.0398
scoring_system epss
scoring_elements 0.88397
published_at 2026-04-09T12:55:00Z
5
value 0.0398
scoring_system epss
scoring_elements 0.88391
published_at 2026-04-08T12:55:00Z
6
value 0.0398
scoring_system epss
scoring_elements 0.88372
published_at 2026-04-07T12:55:00Z
7
value 0.0398
scoring_system epss
scoring_elements 0.88353
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47605
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml
2
reference_url https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/
url https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82
3
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/
url https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47605
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47605
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2024-47605
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/
url https://www.silverstripe.org/download/security-releases/cve-2024-47605
7
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt
reference_id CVE-2024-47605
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt
8
reference_url https://github.com/advisories/GHSA-7cmp-cgg8-4c82
reference_id GHSA-7cmp-cgg8-4c82
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cmp-cgg8-4c82
fixed_packages
0
url pkg:composer/silverstripe/framework@5.3.8
purl pkg:composer/silverstripe/framework@5.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3yc-fxa1-gfhy
1
vulnerability VCID-qjgf-hxng-j3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8
1
url pkg:composer/silverstripe/framework@6.0.0-alpha1
purl pkg:composer/silverstripe/framework@6.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1
aliases CVE-2024-47605, GHSA-7cmp-cgg8-4c82
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kvhv-9fj5-7kgk
8
url VCID-kw9p-5fbc-hudg
vulnerability_id VCID-kw9p-5fbc-hudg
summary 
Reflected Cross Site Scripting (XSS) in error message
If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://www.silverstripe.org/download/security-releases/ss-2024-002
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2024-002
3
reference_url https://github.com/advisories/GHSA-74j9-xhqr-6qv3
reference_id GHSA-74j9-xhqr-6qv3
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-74j9-xhqr-6qv3
fixed_packages
0
url pkg:composer/silverstripe/framework@5.3.8
purl pkg:composer/silverstripe/framework@5.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3yc-fxa1-gfhy
1
vulnerability VCID-qjgf-hxng-j3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8
aliases GHSA-74j9-xhqr-6qv3
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kw9p-5fbc-hudg
9
url VCID-qjgf-hxng-j3g9
vulnerability_id VCID-qjgf-hxng-j3g9
summary 
Silverstripe Framework user enumeration via timing attack on login and password reset forms
### Impact
User enumeration is possible by performing a timing attack on the login or password reset pages with user credentials.

This was originally disclosed in https://www.silverstripe.org/download/security-releases/ss-2017-005/ for CMS 3 but was not patched in CMS 4+

### References

- https://www.silverstripe.org/download/security-releases/ss-2017-005
- https://www.silverstripe.org/download/security-releases/ss-2025-001
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2025-001.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2025-001.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/pull/11681
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/pull/11681
3
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-256q-hx8w-xcqx
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-256q-hx8w-xcqx
4
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-005
5
reference_url https://www.silverstripe.org/download/security-releases/ss-2025-001
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2025-001
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12849
reference_id CVE-2017-12849
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12849
7
reference_url https://github.com/advisories/GHSA-256q-hx8w-xcqx
reference_id GHSA-256q-hx8w-xcqx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-256q-hx8w-xcqx
fixed_packages
0
url pkg:composer/silverstripe/framework@5.3.23
purl pkg:composer/silverstripe/framework@5.3.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.23
aliases GHSA-256q-hx8w-xcqx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjgf-hxng-j3g9
10
url VCID-qm38-1cwk-b3hq
vulnerability_id VCID-qm38-1cwk-b3hq
summary 
URL Redirection to Untrusted Site ('Open Redirect')
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22729
reference_id
reference_type
scores
0
value 0.00262
scoring_system epss
scoring_elements 0.49576
published_at 2026-04-02T12:55:00Z
1
value 0.00262
scoring_system epss
scoring_elements 0.4964
published_at 2026-04-16T12:55:00Z
2
value 0.00262
scoring_system epss
scoring_elements 0.49593
published_at 2026-04-13T12:55:00Z
3
value 0.00262
scoring_system epss
scoring_elements 0.49592
published_at 2026-04-12T12:55:00Z
4
value 0.00262
scoring_system epss
scoring_elements 0.49621
published_at 2026-04-11T12:55:00Z
5
value 0.00262
scoring_system epss
scoring_elements 0.49609
published_at 2026-04-08T12:55:00Z
6
value 0.00262
scoring_system epss
scoring_elements 0.49554
published_at 2026-04-07T12:55:00Z
7
value 0.00262
scoring_system epss
scoring_elements 0.49603
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22729
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/
url https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77
4
reference_url https://www.silverstripe.org/download/security-releases/cve-2023-22729
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2023-22729
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22729
reference_id CVE-2023-22729
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22729
6
reference_url https://github.com/advisories/GHSA-fw84-xgm8-9jmv
reference_id GHSA-fw84-xgm8-9jmv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fw84-xgm8-9jmv
7
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv
reference_id GHSA-fw84-xgm8-9jmv
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv
fixed_packages
0
url pkg:composer/silverstripe/framework@4.12.5
purl pkg:composer/silverstripe/framework@4.12.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5pkg-j4wg-7fcn
1
vulnerability VCID-6epx-c68d-d7bv
2
vulnerability VCID-86yd-4mkt-hydr
3
vulnerability VCID-a3yc-fxa1-gfhy
4
vulnerability VCID-axxx-gpfn-mqc9
5
vulnerability VCID-kak1-btjp-kqgz
6
vulnerability VCID-kvhv-9fj5-7kgk
7
vulnerability VCID-kw9p-5fbc-hudg
8
vulnerability VCID-qjgf-hxng-j3g9
9
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5
aliases CVE-2023-22729, GHSA-fw84-xgm8-9jmv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qm38-1cwk-b3hq
11
url VCID-yuer-yn1w-q3gw
vulnerability_id VCID-yuer-yn1w-q3gw
summary 
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload
### Impact
A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.

The server-side sanitisation logic has been updated to sanitise against this type of attack.

### References
- https://www.silverstripe.org/download/security-releases/cve-2024-32981
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32981
reference_id
reference_type
scores
0
value 0.0105
scoring_system epss
scoring_elements 0.7749
published_at 2026-04-02T12:55:00Z
1
value 0.0105
scoring_system epss
scoring_elements 0.7758
published_at 2026-04-16T12:55:00Z
2
value 0.0105
scoring_system epss
scoring_elements 0.77542
published_at 2026-04-13T12:55:00Z
3
value 0.0105
scoring_system epss
scoring_elements 0.77545
published_at 2026-04-12T12:55:00Z
4
value 0.0105
scoring_system epss
scoring_elements 0.7756
published_at 2026-04-11T12:55:00Z
5
value 0.0105
scoring_system epss
scoring_elements 0.77534
published_at 2026-04-09T12:55:00Z
6
value 0.0105
scoring_system epss
scoring_elements 0.77524
published_at 2026-04-08T12:55:00Z
7
value 0.0105
scoring_system epss
scoring_elements 0.77495
published_at 2026-04-07T12:55:00Z
8
value 0.0105
scoring_system epss
scoring_elements 0.77515
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32981
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/
url https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1
4
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32981
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-32981
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2024-32981
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/
url https://www.silverstripe.org/download/security-releases/cve-2024-32981
7
reference_url https://github.com/advisories/GHSA-chx7-9x8h-r5mg
reference_id GHSA-chx7-9x8h-r5mg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-chx7-9x8h-r5mg
fixed_packages
0
url pkg:composer/silverstripe/framework@5.2.16
purl pkg:composer/silverstripe/framework@5.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6epx-c68d-d7bv
1
vulnerability VCID-a3yc-fxa1-gfhy
2
vulnerability VCID-axxx-gpfn-mqc9
3
vulnerability VCID-kvhv-9fj5-7kgk
4
vulnerability VCID-kw9p-5fbc-hudg
5
vulnerability VCID-qjgf-hxng-j3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16
aliases CVE-2024-32981, GHSA-chx7-9x8h-r5mg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yuer-yn1w-q3gw
Fixing_vulnerabilities
0
url VCID-3pwx-7wzy-qbdw
vulnerability_id VCID-3pwx-7wzy-qbdw
summary 
Insufficient sanitization in "Add from URL"
"Add from URL" does not clearly sanitize URL server side in `HtmlEditorField_Toolbar`. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it's possible future changes would break this.
references
0
reference_url http://www.silverstripe.org/download/security-releases/ss-2015-027/
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2015-027/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.1
purl pkg:composer/silverstripe/framework@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5k79-mfyz-xqhu
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-6j2p-tzvx-9bdj
10
vulnerability VCID-7dk3-gcup-2kc9
11
vulnerability VCID-86yd-4mkt-hydr
12
vulnerability VCID-8wbx-bvm9-jqcv
13
vulnerability VCID-a3yc-fxa1-gfhy
14
vulnerability VCID-ab5z-bqka-xudb
15
vulnerability VCID-ajga-3b99-yugh
16
vulnerability VCID-axxx-gpfn-mqc9
17
vulnerability VCID-bdcq-z11u-zyh5
18
vulnerability VCID-c3vp-kc9a-vkhn
19
vulnerability VCID-cdgj-bdpy-ukak
20
vulnerability VCID-cg3k-vmk4-5kdb
21
vulnerability VCID-dgn7-zmwr-u3c6
22
vulnerability VCID-dx5f-g875-5bct
23
vulnerability VCID-eaqw-9k5p-pybr
24
vulnerability VCID-eddc-w9wx-c3gq
25
vulnerability VCID-enkd-4y44-4ueq
26
vulnerability VCID-fpb7-5pwu-tyg5
27
vulnerability VCID-fyxa-vzeq-ubeq
28
vulnerability VCID-hgkh-tcdc-ufd5
29
vulnerability VCID-j6ze-f76y-cqgy
30
vulnerability VCID-k7bb-y315-4qb6
31
vulnerability VCID-kak1-btjp-kqgz
32
vulnerability VCID-kdyk-rrrr-pufw
33
vulnerability VCID-krjm-ygks-wyct
34
vulnerability VCID-kvhv-9fj5-7kgk
35
vulnerability VCID-kw9p-5fbc-hudg
36
vulnerability VCID-kxa8-dmva-ayff
37
vulnerability VCID-p2kq-rkh6-ayeu
38
vulnerability VCID-p52e-s67u-eya7
39
vulnerability VCID-pq29-qe7h-tkcp
40
vulnerability VCID-qm38-1cwk-b3hq
41
vulnerability VCID-tc2y-zrea-vyb2
42
vulnerability VCID-te88-ws12-3bc8
43
vulnerability VCID-tm1s-2m92-uyh9
44
vulnerability VCID-tuwu-cznx-jqdb
45
vulnerability VCID-u49v-31sv-eqc3
46
vulnerability VCID-wazt-hn99-qkdk
47
vulnerability VCID-wrnm-d19b-hqby
48
vulnerability VCID-ya8k-c5s5-47gx
49
vulnerability VCID-ypfw-xhud-bbfs
50
vulnerability VCID-yuer-yn1w-q3gw
51
vulnerability VCID-z7fk-zbvh-quew
52
vulnerability VCID-zgy5-8cgd-gqhm
53
vulnerability VCID-zr7a-tdxv-rqff
54
vulnerability VCID-zr8u-z3r4-cbct
55
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1
1
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-5pkg-j4wg-7fcn
2
vulnerability VCID-6epx-c68d-d7bv
3
vulnerability VCID-86yd-4mkt-hydr
4
vulnerability VCID-a3yc-fxa1-gfhy
5
vulnerability VCID-axxx-gpfn-mqc9
6
vulnerability VCID-kak1-btjp-kqgz
7
vulnerability VCID-kvhv-9fj5-7kgk
8
vulnerability VCID-kw9p-5fbc-hudg
9
vulnerability VCID-qjgf-hxng-j3g9
10
vulnerability VCID-qm38-1cwk-b3hq
11
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-027
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3pwx-7wzy-qbdw
1
url VCID-3yq9-432a-p7bq
vulnerability_id VCID-3yq9-432a-p7bq
summary 
Cross-site Scripting
XSS In GridField print.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-006/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-006/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.10
purl pkg:composer/silverstripe/framework@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-35rh-ebhv-k3ds
3
vulnerability VCID-3pwx-7wzy-qbdw
4
vulnerability VCID-414d-7bfm-kud7
5
vulnerability VCID-4f9c-aun4-wfep
6
vulnerability VCID-4x32-t75c-u3bj
7
vulnerability VCID-5k79-mfyz-xqhu
8
vulnerability VCID-5pkg-j4wg-7fcn
9
vulnerability VCID-6du5-hdvd-fueb
10
vulnerability VCID-6epx-c68d-d7bv
11
vulnerability VCID-6j2p-tzvx-9bdj
12
vulnerability VCID-7dk3-gcup-2kc9
13
vulnerability VCID-86yd-4mkt-hydr
14
vulnerability VCID-8wbx-bvm9-jqcv
15
vulnerability VCID-a3yc-fxa1-gfhy
16
vulnerability VCID-a9qn-hsax-uke7
17
vulnerability VCID-ab5z-bqka-xudb
18
vulnerability VCID-ajga-3b99-yugh
19
vulnerability VCID-axxx-gpfn-mqc9
20
vulnerability VCID-bdcq-z11u-zyh5
21
vulnerability VCID-c3vp-kc9a-vkhn
22
vulnerability VCID-cc1b-b6sm-zbcw
23
vulnerability VCID-cdgj-bdpy-ukak
24
vulnerability VCID-cg3k-vmk4-5kdb
25
vulnerability VCID-cq8a-jun5-q3hh
26
vulnerability VCID-dg5e-tkef-buab
27
vulnerability VCID-dgn7-zmwr-u3c6
28
vulnerability VCID-dq8q-6agw-g3d5
29
vulnerability VCID-dx5f-g875-5bct
30
vulnerability VCID-eaqw-9k5p-pybr
31
vulnerability VCID-eddc-w9wx-c3gq
32
vulnerability VCID-ehd6-y3gw-fufu
33
vulnerability VCID-enkd-4y44-4ueq
34
vulnerability VCID-fff2-h9gn-9qhu
35
vulnerability VCID-fpb7-5pwu-tyg5
36
vulnerability VCID-fyxa-vzeq-ubeq
37
vulnerability VCID-gw2k-419z-t7h5
38
vulnerability VCID-hgkh-tcdc-ufd5
39
vulnerability VCID-j5hb-hw1t-nkh3
40
vulnerability VCID-j6ze-f76y-cqgy
41
vulnerability VCID-k7bb-y315-4qb6
42
vulnerability VCID-kak1-btjp-kqgz
43
vulnerability VCID-kdyk-rrrr-pufw
44
vulnerability VCID-kqk7-mdnd-hfc7
45
vulnerability VCID-krjm-ygks-wyct
46
vulnerability VCID-kvfs-x2wd-p3h3
47
vulnerability VCID-kvhv-9fj5-7kgk
48
vulnerability VCID-kw9p-5fbc-hudg
49
vulnerability VCID-kxa8-dmva-ayff
50
vulnerability VCID-kz63-ftzc-tudk
51
vulnerability VCID-nmmv-bdq9-dued
52
vulnerability VCID-nyz7-hhm1-yqat
53
vulnerability VCID-p2kq-rkh6-ayeu
54
vulnerability VCID-p52e-s67u-eya7
55
vulnerability VCID-pg9r-huax-rqfv
56
vulnerability VCID-pq29-qe7h-tkcp
57
vulnerability VCID-qm38-1cwk-b3hq
58
vulnerability VCID-r2k8-fccc-jfc2
59
vulnerability VCID-sm51-m1g2-47dz
60
vulnerability VCID-sr5y-b8d8-3yd6
61
vulnerability VCID-t17w-gcwe-eue4
62
vulnerability VCID-tc2y-zrea-vyb2
63
vulnerability VCID-te88-ws12-3bc8
64
vulnerability VCID-tm1s-2m92-uyh9
65
vulnerability VCID-tuwu-cznx-jqdb
66
vulnerability VCID-u2yt-tvtw-f3d6
67
vulnerability VCID-u49v-31sv-eqc3
68
vulnerability VCID-ur9h-h6mw-fbdh
69
vulnerability VCID-v4g3-knhd-wqa7
70
vulnerability VCID-w7x4-tung-wyae
71
vulnerability VCID-wazt-hn99-qkdk
72
vulnerability VCID-wrnm-d19b-hqby
73
vulnerability VCID-ya8k-c5s5-47gx
74
vulnerability VCID-ypfw-xhud-bbfs
75
vulnerability VCID-yuer-yn1w-q3gw
76
vulnerability VCID-yuu2-set7-fuet
77
vulnerability VCID-z7fk-zbvh-quew
78
vulnerability VCID-zgy5-8cgd-gqhm
79
vulnerability VCID-zr7a-tdxv-rqff
80
vulnerability VCID-zr8u-z3r4-cbct
81
vulnerability VCID-zu16-xznb-s3c7
82
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10
1
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-5pkg-j4wg-7fcn
2
vulnerability VCID-6epx-c68d-d7bv
3
vulnerability VCID-86yd-4mkt-hydr
4
vulnerability VCID-a3yc-fxa1-gfhy
5
vulnerability VCID-axxx-gpfn-mqc9
6
vulnerability VCID-kak1-btjp-kqgz
7
vulnerability VCID-kvhv-9fj5-7kgk
8
vulnerability VCID-kw9p-5fbc-hudg
9
vulnerability VCID-qjgf-hxng-j3g9
10
vulnerability VCID-qm38-1cwk-b3hq
11
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-006-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3yq9-432a-p7bq
2
url VCID-5k79-mfyz-xqhu
vulnerability_id VCID-5k79-mfyz-xqhu
summary SS-2016-003: Hostname, IP and Protocol Spoofing through HTTP Headers
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-003/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-003/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.17
purl pkg:composer/silverstripe/framework@3.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-6j2p-tzvx-9bdj
9
vulnerability VCID-7dk3-gcup-2kc9
10
vulnerability VCID-86yd-4mkt-hydr
11
vulnerability VCID-8wbx-bvm9-jqcv
12
vulnerability VCID-a3yc-fxa1-gfhy
13
vulnerability VCID-ab5z-bqka-xudb
14
vulnerability VCID-ajga-3b99-yugh
15
vulnerability VCID-axxx-gpfn-mqc9
16
vulnerability VCID-bdcq-z11u-zyh5
17
vulnerability VCID-c3vp-kc9a-vkhn
18
vulnerability VCID-cdgj-bdpy-ukak
19
vulnerability VCID-cg3k-vmk4-5kdb
20
vulnerability VCID-dgn7-zmwr-u3c6
21
vulnerability VCID-dx5f-g875-5bct
22
vulnerability VCID-eddc-w9wx-c3gq
23
vulnerability VCID-enkd-4y44-4ueq
24
vulnerability VCID-fpb7-5pwu-tyg5
25
vulnerability VCID-fyxa-vzeq-ubeq
26
vulnerability VCID-hgkh-tcdc-ufd5
27
vulnerability VCID-j6ze-f76y-cqgy
28
vulnerability VCID-k7bb-y315-4qb6
29
vulnerability VCID-kak1-btjp-kqgz
30
vulnerability VCID-kdyk-rrrr-pufw
31
vulnerability VCID-kqk7-mdnd-hfc7
32
vulnerability VCID-krjm-ygks-wyct
33
vulnerability VCID-kvhv-9fj5-7kgk
34
vulnerability VCID-kw9p-5fbc-hudg
35
vulnerability VCID-kxa8-dmva-ayff
36
vulnerability VCID-p2kq-rkh6-ayeu
37
vulnerability VCID-p52e-s67u-eya7
38
vulnerability VCID-pq29-qe7h-tkcp
39
vulnerability VCID-qm38-1cwk-b3hq
40
vulnerability VCID-t17w-gcwe-eue4
41
vulnerability VCID-tc2y-zrea-vyb2
42
vulnerability VCID-tm1s-2m92-uyh9
43
vulnerability VCID-tuwu-cznx-jqdb
44
vulnerability VCID-u49v-31sv-eqc3
45
vulnerability VCID-wazt-hn99-qkdk
46
vulnerability VCID-wrnm-d19b-hqby
47
vulnerability VCID-ya8k-c5s5-47gx
48
vulnerability VCID-yuer-yn1w-q3gw
49
vulnerability VCID-z7fk-zbvh-quew
50
vulnerability VCID-zgy5-8cgd-gqhm
51
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17
1
url pkg:composer/silverstripe/framework@3.2.0-beta1
purl pkg:composer/silverstripe/framework@3.2.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3pwx-7wzy-qbdw
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-6j2p-tzvx-9bdj
10
vulnerability VCID-7dk3-gcup-2kc9
11
vulnerability VCID-86yd-4mkt-hydr
12
vulnerability VCID-8wbx-bvm9-jqcv
13
vulnerability VCID-a3yc-fxa1-gfhy
14
vulnerability VCID-ab5z-bqka-xudb
15
vulnerability VCID-ajga-3b99-yugh
16
vulnerability VCID-axxx-gpfn-mqc9
17
vulnerability VCID-bdcq-z11u-zyh5
18
vulnerability VCID-c3vp-kc9a-vkhn
19
vulnerability VCID-cdgj-bdpy-ukak
20
vulnerability VCID-dgn7-zmwr-u3c6
21
vulnerability VCID-dq8q-6agw-g3d5
22
vulnerability VCID-dx5f-g875-5bct
23
vulnerability VCID-eddc-w9wx-c3gq
24
vulnerability VCID-enkd-4y44-4ueq
25
vulnerability VCID-fpb7-5pwu-tyg5
26
vulnerability VCID-fyxa-vzeq-ubeq
27
vulnerability VCID-hgkh-tcdc-ufd5
28
vulnerability VCID-j6ze-f76y-cqgy
29
vulnerability VCID-k7bb-y315-4qb6
30
vulnerability VCID-kak1-btjp-kqgz
31
vulnerability VCID-kdyk-rrrr-pufw
32
vulnerability VCID-kvhv-9fj5-7kgk
33
vulnerability VCID-kw9p-5fbc-hudg
34
vulnerability VCID-kxa8-dmva-ayff
35
vulnerability VCID-p2kq-rkh6-ayeu
36
vulnerability VCID-p52e-s67u-eya7
37
vulnerability VCID-pq29-qe7h-tkcp
38
vulnerability VCID-qm38-1cwk-b3hq
39
vulnerability VCID-t17w-gcwe-eue4
40
vulnerability VCID-tc2y-zrea-vyb2
41
vulnerability VCID-tm1s-2m92-uyh9
42
vulnerability VCID-tuwu-cznx-jqdb
43
vulnerability VCID-u49v-31sv-eqc3
44
vulnerability VCID-ur9h-h6mw-fbdh
45
vulnerability VCID-wazt-hn99-qkdk
46
vulnerability VCID-wrnm-d19b-hqby
47
vulnerability VCID-ya8k-c5s5-47gx
48
vulnerability VCID-yuer-yn1w-q3gw
49
vulnerability VCID-z7fk-zbvh-quew
50
vulnerability VCID-zgy5-8cgd-gqhm
51
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1
2
url pkg:composer/silverstripe/framework@3.3.0
purl pkg:composer/silverstripe/framework@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-6j2p-tzvx-9bdj
9
vulnerability VCID-7dk3-gcup-2kc9
10
vulnerability VCID-86yd-4mkt-hydr
11
vulnerability VCID-8wbx-bvm9-jqcv
12
vulnerability VCID-a3yc-fxa1-gfhy
13
vulnerability VCID-ab5z-bqka-xudb
14
vulnerability VCID-ajga-3b99-yugh
15
vulnerability VCID-axxx-gpfn-mqc9
16
vulnerability VCID-bdcq-z11u-zyh5
17
vulnerability VCID-c3vp-kc9a-vkhn
18
vulnerability VCID-cdgj-bdpy-ukak
19
vulnerability VCID-cg3k-vmk4-5kdb
20
vulnerability VCID-dgn7-zmwr-u3c6
21
vulnerability VCID-dx5f-g875-5bct
22
vulnerability VCID-eddc-w9wx-c3gq
23
vulnerability VCID-enkd-4y44-4ueq
24
vulnerability VCID-fpb7-5pwu-tyg5
25
vulnerability VCID-fyxa-vzeq-ubeq
26
vulnerability VCID-hgkh-tcdc-ufd5
27
vulnerability VCID-j6ze-f76y-cqgy
28
vulnerability VCID-k7bb-y315-4qb6
29
vulnerability VCID-kak1-btjp-kqgz
30
vulnerability VCID-kdyk-rrrr-pufw
31
vulnerability VCID-krjm-ygks-wyct
32
vulnerability VCID-kvhv-9fj5-7kgk
33
vulnerability VCID-kw9p-5fbc-hudg
34
vulnerability VCID-kxa8-dmva-ayff
35
vulnerability VCID-p2kq-rkh6-ayeu
36
vulnerability VCID-p52e-s67u-eya7
37
vulnerability VCID-pq29-qe7h-tkcp
38
vulnerability VCID-qm38-1cwk-b3hq
39
vulnerability VCID-tc2y-zrea-vyb2
40
vulnerability VCID-tm1s-2m92-uyh9
41
vulnerability VCID-tuwu-cznx-jqdb
42
vulnerability VCID-u49v-31sv-eqc3
43
vulnerability VCID-vtva-utdn-jkce
44
vulnerability VCID-wazt-hn99-qkdk
45
vulnerability VCID-wrnm-d19b-hqby
46
vulnerability VCID-ya8k-c5s5-47gx
47
vulnerability VCID-yuer-yn1w-q3gw
48
vulnerability VCID-z7fk-zbvh-quew
49
vulnerability VCID-zgy5-8cgd-gqhm
50
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0
3
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-5pkg-j4wg-7fcn
2
vulnerability VCID-6epx-c68d-d7bv
3
vulnerability VCID-86yd-4mkt-hydr
4
vulnerability VCID-a3yc-fxa1-gfhy
5
vulnerability VCID-axxx-gpfn-mqc9
6
vulnerability VCID-kak1-btjp-kqgz
7
vulnerability VCID-kvhv-9fj5-7kgk
8
vulnerability VCID-kw9p-5fbc-hudg
9
vulnerability VCID-qjgf-hxng-j3g9
10
vulnerability VCID-qm38-1cwk-b3hq
11
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2016-003-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5k79-mfyz-xqhu
3
url VCID-cq8a-jun5-q3hh
vulnerability_id VCID-cq8a-jun5-q3hh
summary Potential SQL Injection Vulnerability in silverstripe.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-011/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-011/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.0.14
purl pkg:composer/silverstripe/framework@3.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3pwx-7wzy-qbdw
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-6j2p-tzvx-9bdj
10
vulnerability VCID-7dk3-gcup-2kc9
11
vulnerability VCID-86yd-4mkt-hydr
12
vulnerability VCID-8wbx-bvm9-jqcv
13
vulnerability VCID-a3yc-fxa1-gfhy
14
vulnerability VCID-ab5z-bqka-xudb
15
vulnerability VCID-ajga-3b99-yugh
16
vulnerability VCID-axxx-gpfn-mqc9
17
vulnerability VCID-bdcq-z11u-zyh5
18
vulnerability VCID-c3vp-kc9a-vkhn
19
vulnerability VCID-cc1b-b6sm-zbcw
20
vulnerability VCID-cdgj-bdpy-ukak
21
vulnerability VCID-dgn7-zmwr-u3c6
22
vulnerability VCID-dq8q-6agw-g3d5
23
vulnerability VCID-dx5f-g875-5bct
24
vulnerability VCID-eaqw-9k5p-pybr
25
vulnerability VCID-eddc-w9wx-c3gq
26
vulnerability VCID-enkd-4y44-4ueq
27
vulnerability VCID-fff2-h9gn-9qhu
28
vulnerability VCID-fpb7-5pwu-tyg5
29
vulnerability VCID-fyxa-vzeq-ubeq
30
vulnerability VCID-hgkh-tcdc-ufd5
31
vulnerability VCID-j6ze-f76y-cqgy
32
vulnerability VCID-k7bb-y315-4qb6
33
vulnerability VCID-kak1-btjp-kqgz
34
vulnerability VCID-kdyk-rrrr-pufw
35
vulnerability VCID-krjm-ygks-wyct
36
vulnerability VCID-kvhv-9fj5-7kgk
37
vulnerability VCID-kw9p-5fbc-hudg
38
vulnerability VCID-kxa8-dmva-ayff
39
vulnerability VCID-kz63-ftzc-tudk
40
vulnerability VCID-p2kq-rkh6-ayeu
41
vulnerability VCID-p52e-s67u-eya7
42
vulnerability VCID-pg9r-huax-rqfv
43
vulnerability VCID-pq29-qe7h-tkcp
44
vulnerability VCID-qm38-1cwk-b3hq
45
vulnerability VCID-sm51-m1g2-47dz
46
vulnerability VCID-t17w-gcwe-eue4
47
vulnerability VCID-tc2y-zrea-vyb2
48
vulnerability VCID-te88-ws12-3bc8
49
vulnerability VCID-tm1s-2m92-uyh9
50
vulnerability VCID-tuwu-cznx-jqdb
51
vulnerability VCID-u49v-31sv-eqc3
52
vulnerability VCID-ur9h-h6mw-fbdh
53
vulnerability VCID-wazt-hn99-qkdk
54
vulnerability VCID-wrnm-d19b-hqby
55
vulnerability VCID-ya8k-c5s5-47gx
56
vulnerability VCID-ypfw-xhud-bbfs
57
vulnerability VCID-yuer-yn1w-q3gw
58
vulnerability VCID-z7fk-zbvh-quew
59
vulnerability VCID-zgy5-8cgd-gqhm
60
vulnerability VCID-zu16-xznb-s3c7
61
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14
1
url pkg:composer/silverstripe/framework@3.1.0-beta1
purl pkg:composer/silverstripe/framework@3.1.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3pwx-7wzy-qbdw
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-6j2p-tzvx-9bdj
10
vulnerability VCID-7dk3-gcup-2kc9
11
vulnerability VCID-86yd-4mkt-hydr
12
vulnerability VCID-8wbx-bvm9-jqcv
13
vulnerability VCID-a3yc-fxa1-gfhy
14
vulnerability VCID-ab5z-bqka-xudb
15
vulnerability VCID-ajga-3b99-yugh
16
vulnerability VCID-axxx-gpfn-mqc9
17
vulnerability VCID-bdcq-z11u-zyh5
18
vulnerability VCID-c3vp-kc9a-vkhn
19
vulnerability VCID-cc1b-b6sm-zbcw
20
vulnerability VCID-cdgj-bdpy-ukak
21
vulnerability VCID-dgn7-zmwr-u3c6
22
vulnerability VCID-dq8q-6agw-g3d5
23
vulnerability VCID-dx5f-g875-5bct
24
vulnerability VCID-eaqw-9k5p-pybr
25
vulnerability VCID-eddc-w9wx-c3gq
26
vulnerability VCID-enkd-4y44-4ueq
27
vulnerability VCID-fff2-h9gn-9qhu
28
vulnerability VCID-fpb7-5pwu-tyg5
29
vulnerability VCID-fyxa-vzeq-ubeq
30
vulnerability VCID-hgkh-tcdc-ufd5
31
vulnerability VCID-j6ze-f76y-cqgy
32
vulnerability VCID-k7bb-y315-4qb6
33
vulnerability VCID-kak1-btjp-kqgz
34
vulnerability VCID-kdyk-rrrr-pufw
35
vulnerability VCID-krjm-ygks-wyct
36
vulnerability VCID-kvhv-9fj5-7kgk
37
vulnerability VCID-kw9p-5fbc-hudg
38
vulnerability VCID-kxa8-dmva-ayff
39
vulnerability VCID-kz63-ftzc-tudk
40
vulnerability VCID-p2kq-rkh6-ayeu
41
vulnerability VCID-p52e-s67u-eya7
42
vulnerability VCID-pg9r-huax-rqfv
43
vulnerability VCID-pq29-qe7h-tkcp
44
vulnerability VCID-qm38-1cwk-b3hq
45
vulnerability VCID-sm51-m1g2-47dz
46
vulnerability VCID-t17w-gcwe-eue4
47
vulnerability VCID-tc2y-zrea-vyb2
48
vulnerability VCID-te88-ws12-3bc8
49
vulnerability VCID-tm1s-2m92-uyh9
50
vulnerability VCID-tuwu-cznx-jqdb
51
vulnerability VCID-u49v-31sv-eqc3
52
vulnerability VCID-ur9h-h6mw-fbdh
53
vulnerability VCID-wazt-hn99-qkdk
54
vulnerability VCID-wrnm-d19b-hqby
55
vulnerability VCID-ya8k-c5s5-47gx
56
vulnerability VCID-ypfw-xhud-bbfs
57
vulnerability VCID-yuer-yn1w-q3gw
58
vulnerability VCID-z7fk-zbvh-quew
59
vulnerability VCID-zgy5-8cgd-gqhm
60
vulnerability VCID-zu16-xznb-s3c7
61
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1
2
url pkg:composer/silverstripe/framework@3.1.13
purl pkg:composer/silverstripe/framework@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3pwx-7wzy-qbdw
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5k79-mfyz-xqhu
7
vulnerability VCID-5pkg-j4wg-7fcn
8
vulnerability VCID-6du5-hdvd-fueb
9
vulnerability VCID-6epx-c68d-d7bv
10
vulnerability VCID-6j2p-tzvx-9bdj
11
vulnerability VCID-7dk3-gcup-2kc9
12
vulnerability VCID-86yd-4mkt-hydr
13
vulnerability VCID-8wbx-bvm9-jqcv
14
vulnerability VCID-a3yc-fxa1-gfhy
15
vulnerability VCID-ab5z-bqka-xudb
16
vulnerability VCID-ajga-3b99-yugh
17
vulnerability VCID-axxx-gpfn-mqc9
18
vulnerability VCID-bdcq-z11u-zyh5
19
vulnerability VCID-c3vp-kc9a-vkhn
20
vulnerability VCID-cc1b-b6sm-zbcw
21
vulnerability VCID-cdgj-bdpy-ukak
22
vulnerability VCID-cg3k-vmk4-5kdb
23
vulnerability VCID-dg5e-tkef-buab
24
vulnerability VCID-dgn7-zmwr-u3c6
25
vulnerability VCID-dq8q-6agw-g3d5
26
vulnerability VCID-dx5f-g875-5bct
27
vulnerability VCID-eaqw-9k5p-pybr
28
vulnerability VCID-eddc-w9wx-c3gq
29
vulnerability VCID-ehd6-y3gw-fufu
30
vulnerability VCID-enkd-4y44-4ueq
31
vulnerability VCID-fff2-h9gn-9qhu
32
vulnerability VCID-fpb7-5pwu-tyg5
33
vulnerability VCID-fyxa-vzeq-ubeq
34
vulnerability VCID-hgkh-tcdc-ufd5
35
vulnerability VCID-j6ze-f76y-cqgy
36
vulnerability VCID-k7bb-y315-4qb6
37
vulnerability VCID-kak1-btjp-kqgz
38
vulnerability VCID-kdyk-rrrr-pufw
39
vulnerability VCID-kqk7-mdnd-hfc7
40
vulnerability VCID-krjm-ygks-wyct
41
vulnerability VCID-kvhv-9fj5-7kgk
42
vulnerability VCID-kw9p-5fbc-hudg
43
vulnerability VCID-kxa8-dmva-ayff
44
vulnerability VCID-kz63-ftzc-tudk
45
vulnerability VCID-p2kq-rkh6-ayeu
46
vulnerability VCID-p52e-s67u-eya7
47
vulnerability VCID-pg9r-huax-rqfv
48
vulnerability VCID-pq29-qe7h-tkcp
49
vulnerability VCID-qm38-1cwk-b3hq
50
vulnerability VCID-sm51-m1g2-47dz
51
vulnerability VCID-t17w-gcwe-eue4
52
vulnerability VCID-tc2y-zrea-vyb2
53
vulnerability VCID-te88-ws12-3bc8
54
vulnerability VCID-tm1s-2m92-uyh9
55
vulnerability VCID-tuwu-cznx-jqdb
56
vulnerability VCID-u49v-31sv-eqc3
57
vulnerability VCID-ur9h-h6mw-fbdh
58
vulnerability VCID-w7x4-tung-wyae
59
vulnerability VCID-wazt-hn99-qkdk
60
vulnerability VCID-wrnm-d19b-hqby
61
vulnerability VCID-ya8k-c5s5-47gx
62
vulnerability VCID-ypfw-xhud-bbfs
63
vulnerability VCID-yuer-yn1w-q3gw
64
vulnerability VCID-z7fk-zbvh-quew
65
vulnerability VCID-zgy5-8cgd-gqhm
66
vulnerability VCID-zr7a-tdxv-rqff
67
vulnerability VCID-zr8u-z3r4-cbct
68
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13
3
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-5pkg-j4wg-7fcn
2
vulnerability VCID-6epx-c68d-d7bv
3
vulnerability VCID-86yd-4mkt-hydr
4
vulnerability VCID-a3yc-fxa1-gfhy
5
vulnerability VCID-axxx-gpfn-mqc9
6
vulnerability VCID-kak1-btjp-kqgz
7
vulnerability VCID-kvhv-9fj5-7kgk
8
vulnerability VCID-kw9p-5fbc-hudg
9
vulnerability VCID-qjgf-hxng-j3g9
10
vulnerability VCID-qm38-1cwk-b3hq
11
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-011-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cq8a-jun5-q3hh
4
url VCID-dq8q-6agw-g3d5
vulnerability_id VCID-dq8q-6agw-g3d5
summary 
Improper Input Validation
`HtmlEditor` improper URL sanitisation.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2015-027/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2015-027/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.1
purl pkg:composer/silverstripe/framework@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5k79-mfyz-xqhu
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-6j2p-tzvx-9bdj
10
vulnerability VCID-7dk3-gcup-2kc9
11
vulnerability VCID-86yd-4mkt-hydr
12
vulnerability VCID-8wbx-bvm9-jqcv
13
vulnerability VCID-a3yc-fxa1-gfhy
14
vulnerability VCID-ab5z-bqka-xudb
15
vulnerability VCID-ajga-3b99-yugh
16
vulnerability VCID-axxx-gpfn-mqc9
17
vulnerability VCID-bdcq-z11u-zyh5
18
vulnerability VCID-c3vp-kc9a-vkhn
19
vulnerability VCID-cdgj-bdpy-ukak
20
vulnerability VCID-cg3k-vmk4-5kdb
21
vulnerability VCID-dgn7-zmwr-u3c6
22
vulnerability VCID-dx5f-g875-5bct
23
vulnerability VCID-eaqw-9k5p-pybr
24
vulnerability VCID-eddc-w9wx-c3gq
25
vulnerability VCID-enkd-4y44-4ueq
26
vulnerability VCID-fpb7-5pwu-tyg5
27
vulnerability VCID-fyxa-vzeq-ubeq
28
vulnerability VCID-hgkh-tcdc-ufd5
29
vulnerability VCID-j6ze-f76y-cqgy
30
vulnerability VCID-k7bb-y315-4qb6
31
vulnerability VCID-kak1-btjp-kqgz
32
vulnerability VCID-kdyk-rrrr-pufw
33
vulnerability VCID-krjm-ygks-wyct
34
vulnerability VCID-kvhv-9fj5-7kgk
35
vulnerability VCID-kw9p-5fbc-hudg
36
vulnerability VCID-kxa8-dmva-ayff
37
vulnerability VCID-p2kq-rkh6-ayeu
38
vulnerability VCID-p52e-s67u-eya7
39
vulnerability VCID-pq29-qe7h-tkcp
40
vulnerability VCID-qm38-1cwk-b3hq
41
vulnerability VCID-tc2y-zrea-vyb2
42
vulnerability VCID-te88-ws12-3bc8
43
vulnerability VCID-tm1s-2m92-uyh9
44
vulnerability VCID-tuwu-cznx-jqdb
45
vulnerability VCID-u49v-31sv-eqc3
46
vulnerability VCID-wazt-hn99-qkdk
47
vulnerability VCID-wrnm-d19b-hqby
48
vulnerability VCID-ya8k-c5s5-47gx
49
vulnerability VCID-ypfw-xhud-bbfs
50
vulnerability VCID-yuer-yn1w-q3gw
51
vulnerability VCID-z7fk-zbvh-quew
52
vulnerability VCID-zgy5-8cgd-gqhm
53
vulnerability VCID-zr7a-tdxv-rqff
54
vulnerability VCID-zr8u-z3r4-cbct
55
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1
1
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-5pkg-j4wg-7fcn
2
vulnerability VCID-6epx-c68d-d7bv
3
vulnerability VCID-86yd-4mkt-hydr
4
vulnerability VCID-a3yc-fxa1-gfhy
5
vulnerability VCID-axxx-gpfn-mqc9
6
vulnerability VCID-kak1-btjp-kqgz
7
vulnerability VCID-kvhv-9fj5-7kgk
8
vulnerability VCID-kw9p-5fbc-hudg
9
vulnerability VCID-qjgf-hxng-j3g9
10
vulnerability VCID-qm38-1cwk-b3hq
11
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-027-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dq8q-6agw-g3d5
5
url VCID-f7pc-s4mk-r7br
vulnerability_id VCID-f7pc-s4mk-r7br
summary 
Cross-site Scripting
XSS In FormAction.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-007/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-007/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.10
purl pkg:composer/silverstripe/framework@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-35rh-ebhv-k3ds
3
vulnerability VCID-3pwx-7wzy-qbdw
4
vulnerability VCID-414d-7bfm-kud7
5
vulnerability VCID-4f9c-aun4-wfep
6
vulnerability VCID-4x32-t75c-u3bj
7
vulnerability VCID-5k79-mfyz-xqhu
8
vulnerability VCID-5pkg-j4wg-7fcn
9
vulnerability VCID-6du5-hdvd-fueb
10
vulnerability VCID-6epx-c68d-d7bv
11
vulnerability VCID-6j2p-tzvx-9bdj
12
vulnerability VCID-7dk3-gcup-2kc9
13
vulnerability VCID-86yd-4mkt-hydr
14
vulnerability VCID-8wbx-bvm9-jqcv
15
vulnerability VCID-a3yc-fxa1-gfhy
16
vulnerability VCID-a9qn-hsax-uke7
17
vulnerability VCID-ab5z-bqka-xudb
18
vulnerability VCID-ajga-3b99-yugh
19
vulnerability VCID-axxx-gpfn-mqc9
20
vulnerability VCID-bdcq-z11u-zyh5
21
vulnerability VCID-c3vp-kc9a-vkhn
22
vulnerability VCID-cc1b-b6sm-zbcw
23
vulnerability VCID-cdgj-bdpy-ukak
24
vulnerability VCID-cg3k-vmk4-5kdb
25
vulnerability VCID-cq8a-jun5-q3hh
26
vulnerability VCID-dg5e-tkef-buab
27
vulnerability VCID-dgn7-zmwr-u3c6
28
vulnerability VCID-dq8q-6agw-g3d5
29
vulnerability VCID-dx5f-g875-5bct
30
vulnerability VCID-eaqw-9k5p-pybr
31
vulnerability VCID-eddc-w9wx-c3gq
32
vulnerability VCID-ehd6-y3gw-fufu
33
vulnerability VCID-enkd-4y44-4ueq
34
vulnerability VCID-fff2-h9gn-9qhu
35
vulnerability VCID-fpb7-5pwu-tyg5
36
vulnerability VCID-fyxa-vzeq-ubeq
37
vulnerability VCID-gw2k-419z-t7h5
38
vulnerability VCID-hgkh-tcdc-ufd5
39
vulnerability VCID-j5hb-hw1t-nkh3
40
vulnerability VCID-j6ze-f76y-cqgy
41
vulnerability VCID-k7bb-y315-4qb6
42
vulnerability VCID-kak1-btjp-kqgz
43
vulnerability VCID-kdyk-rrrr-pufw
44
vulnerability VCID-kqk7-mdnd-hfc7
45
vulnerability VCID-krjm-ygks-wyct
46
vulnerability VCID-kvfs-x2wd-p3h3
47
vulnerability VCID-kvhv-9fj5-7kgk
48
vulnerability VCID-kw9p-5fbc-hudg
49
vulnerability VCID-kxa8-dmva-ayff
50
vulnerability VCID-kz63-ftzc-tudk
51
vulnerability VCID-nmmv-bdq9-dued
52
vulnerability VCID-nyz7-hhm1-yqat
53
vulnerability VCID-p2kq-rkh6-ayeu
54
vulnerability VCID-p52e-s67u-eya7
55
vulnerability VCID-pg9r-huax-rqfv
56
vulnerability VCID-pq29-qe7h-tkcp
57
vulnerability VCID-qm38-1cwk-b3hq
58
vulnerability VCID-r2k8-fccc-jfc2
59
vulnerability VCID-sm51-m1g2-47dz
60
vulnerability VCID-sr5y-b8d8-3yd6
61
vulnerability VCID-t17w-gcwe-eue4
62
vulnerability VCID-tc2y-zrea-vyb2
63
vulnerability VCID-te88-ws12-3bc8
64
vulnerability VCID-tm1s-2m92-uyh9
65
vulnerability VCID-tuwu-cznx-jqdb
66
vulnerability VCID-u2yt-tvtw-f3d6
67
vulnerability VCID-u49v-31sv-eqc3
68
vulnerability VCID-ur9h-h6mw-fbdh
69
vulnerability VCID-v4g3-knhd-wqa7
70
vulnerability VCID-w7x4-tung-wyae
71
vulnerability VCID-wazt-hn99-qkdk
72
vulnerability VCID-wrnm-d19b-hqby
73
vulnerability VCID-ya8k-c5s5-47gx
74
vulnerability VCID-ypfw-xhud-bbfs
75
vulnerability VCID-yuer-yn1w-q3gw
76
vulnerability VCID-yuu2-set7-fuet
77
vulnerability VCID-z7fk-zbvh-quew
78
vulnerability VCID-zgy5-8cgd-gqhm
79
vulnerability VCID-zr7a-tdxv-rqff
80
vulnerability VCID-zr8u-z3r4-cbct
81
vulnerability VCID-zu16-xznb-s3c7
82
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10
1
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-5pkg-j4wg-7fcn
2
vulnerability VCID-6epx-c68d-d7bv
3
vulnerability VCID-86yd-4mkt-hydr
4
vulnerability VCID-a3yc-fxa1-gfhy
5
vulnerability VCID-axxx-gpfn-mqc9
6
vulnerability VCID-kak1-btjp-kqgz
7
vulnerability VCID-kvhv-9fj5-7kgk
8
vulnerability VCID-kw9p-5fbc-hudg
9
vulnerability VCID-qjgf-hxng-j3g9
10
vulnerability VCID-qm38-1cwk-b3hq
11
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-007-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f7pc-s4mk-r7br
6
url VCID-fff2-h9gn-9qhu
vulnerability_id VCID-fff2-h9gn-9qhu
summary 
XSS vulnerability in form field validation
A high level XSS risk has been identified in the encoding of validation messages in certain FormField classes. Certain fields such as the `NumericField` and `DropdownField` have been identified, but any form field which presents any invalid content as a part of its validation response will be at risk.
references
0
reference_url http://www.silverstripe.org/download/security-releases/ss-2015-026/
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2015-026/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.16
purl pkg:composer/silverstripe/framework@3.1.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5k79-mfyz-xqhu
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-6j2p-tzvx-9bdj
10
vulnerability VCID-7dk3-gcup-2kc9
11
vulnerability VCID-86yd-4mkt-hydr
12
vulnerability VCID-8wbx-bvm9-jqcv
13
vulnerability VCID-a3yc-fxa1-gfhy
14
vulnerability VCID-ab5z-bqka-xudb
15
vulnerability VCID-ajga-3b99-yugh
16
vulnerability VCID-axxx-gpfn-mqc9
17
vulnerability VCID-bdcq-z11u-zyh5
18
vulnerability VCID-c3vp-kc9a-vkhn
19
vulnerability VCID-cdgj-bdpy-ukak
20
vulnerability VCID-cg3k-vmk4-5kdb
21
vulnerability VCID-dgn7-zmwr-u3c6
22
vulnerability VCID-dx5f-g875-5bct
23
vulnerability VCID-eaqw-9k5p-pybr
24
vulnerability VCID-eddc-w9wx-c3gq
25
vulnerability VCID-enkd-4y44-4ueq
26
vulnerability VCID-fpb7-5pwu-tyg5
27
vulnerability VCID-fyxa-vzeq-ubeq
28
vulnerability VCID-hgkh-tcdc-ufd5
29
vulnerability VCID-j6ze-f76y-cqgy
30
vulnerability VCID-k7bb-y315-4qb6
31
vulnerability VCID-kak1-btjp-kqgz
32
vulnerability VCID-kdyk-rrrr-pufw
33
vulnerability VCID-kqk7-mdnd-hfc7
34
vulnerability VCID-krjm-ygks-wyct
35
vulnerability VCID-kvhv-9fj5-7kgk
36
vulnerability VCID-kw9p-5fbc-hudg
37
vulnerability VCID-kxa8-dmva-ayff
38
vulnerability VCID-p2kq-rkh6-ayeu
39
vulnerability VCID-p52e-s67u-eya7
40
vulnerability VCID-pq29-qe7h-tkcp
41
vulnerability VCID-qm38-1cwk-b3hq
42
vulnerability VCID-t17w-gcwe-eue4
43
vulnerability VCID-tc2y-zrea-vyb2
44
vulnerability VCID-te88-ws12-3bc8
45
vulnerability VCID-tm1s-2m92-uyh9
46
vulnerability VCID-tuwu-cznx-jqdb
47
vulnerability VCID-u49v-31sv-eqc3
48
vulnerability VCID-wazt-hn99-qkdk
49
vulnerability VCID-wrnm-d19b-hqby
50
vulnerability VCID-ya8k-c5s5-47gx
51
vulnerability VCID-ypfw-xhud-bbfs
52
vulnerability VCID-yuer-yn1w-q3gw
53
vulnerability VCID-z7fk-zbvh-quew
54
vulnerability VCID-zgy5-8cgd-gqhm
55
vulnerability VCID-zr7a-tdxv-rqff
56
vulnerability VCID-zr8u-z3r4-cbct
57
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.16
1
url pkg:composer/silverstripe/framework@3.2.0-beta1
purl pkg:composer/silverstripe/framework@3.2.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3pwx-7wzy-qbdw
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-6j2p-tzvx-9bdj
10
vulnerability VCID-7dk3-gcup-2kc9
11
vulnerability VCID-86yd-4mkt-hydr
12
vulnerability VCID-8wbx-bvm9-jqcv
13
vulnerability VCID-a3yc-fxa1-gfhy
14
vulnerability VCID-ab5z-bqka-xudb
15
vulnerability VCID-ajga-3b99-yugh
16
vulnerability VCID-axxx-gpfn-mqc9
17
vulnerability VCID-bdcq-z11u-zyh5
18
vulnerability VCID-c3vp-kc9a-vkhn
19
vulnerability VCID-cdgj-bdpy-ukak
20
vulnerability VCID-dgn7-zmwr-u3c6
21
vulnerability VCID-dq8q-6agw-g3d5
22
vulnerability VCID-dx5f-g875-5bct
23
vulnerability VCID-eddc-w9wx-c3gq
24
vulnerability VCID-enkd-4y44-4ueq
25
vulnerability VCID-fpb7-5pwu-tyg5
26
vulnerability VCID-fyxa-vzeq-ubeq
27
vulnerability VCID-hgkh-tcdc-ufd5
28
vulnerability VCID-j6ze-f76y-cqgy
29
vulnerability VCID-k7bb-y315-4qb6
30
vulnerability VCID-kak1-btjp-kqgz
31
vulnerability VCID-kdyk-rrrr-pufw
32
vulnerability VCID-kvhv-9fj5-7kgk
33
vulnerability VCID-kw9p-5fbc-hudg
34
vulnerability VCID-kxa8-dmva-ayff
35
vulnerability VCID-p2kq-rkh6-ayeu
36
vulnerability VCID-p52e-s67u-eya7
37
vulnerability VCID-pq29-qe7h-tkcp
38
vulnerability VCID-qm38-1cwk-b3hq
39
vulnerability VCID-t17w-gcwe-eue4
40
vulnerability VCID-tc2y-zrea-vyb2
41
vulnerability VCID-tm1s-2m92-uyh9
42
vulnerability VCID-tuwu-cznx-jqdb
43
vulnerability VCID-u49v-31sv-eqc3
44
vulnerability VCID-ur9h-h6mw-fbdh
45
vulnerability VCID-wazt-hn99-qkdk
46
vulnerability VCID-wrnm-d19b-hqby
47
vulnerability VCID-ya8k-c5s5-47gx
48
vulnerability VCID-yuer-yn1w-q3gw
49
vulnerability VCID-z7fk-zbvh-quew
50
vulnerability VCID-zgy5-8cgd-gqhm
51
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1
2
url pkg:composer/silverstripe/framework@3.2.1
purl pkg:composer/silverstripe/framework@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5k79-mfyz-xqhu
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-6j2p-tzvx-9bdj
10
vulnerability VCID-7dk3-gcup-2kc9
11
vulnerability VCID-86yd-4mkt-hydr
12
vulnerability VCID-8wbx-bvm9-jqcv
13
vulnerability VCID-a3yc-fxa1-gfhy
14
vulnerability VCID-ab5z-bqka-xudb
15
vulnerability VCID-ajga-3b99-yugh
16
vulnerability VCID-axxx-gpfn-mqc9
17
vulnerability VCID-bdcq-z11u-zyh5
18
vulnerability VCID-c3vp-kc9a-vkhn
19
vulnerability VCID-cdgj-bdpy-ukak
20
vulnerability VCID-cg3k-vmk4-5kdb
21
vulnerability VCID-dgn7-zmwr-u3c6
22
vulnerability VCID-dx5f-g875-5bct
23
vulnerability VCID-eaqw-9k5p-pybr
24
vulnerability VCID-eddc-w9wx-c3gq
25
vulnerability VCID-enkd-4y44-4ueq
26
vulnerability VCID-fpb7-5pwu-tyg5
27
vulnerability VCID-fyxa-vzeq-ubeq
28
vulnerability VCID-hgkh-tcdc-ufd5
29
vulnerability VCID-j6ze-f76y-cqgy
30
vulnerability VCID-k7bb-y315-4qb6
31
vulnerability VCID-kak1-btjp-kqgz
32
vulnerability VCID-kdyk-rrrr-pufw
33
vulnerability VCID-krjm-ygks-wyct
34
vulnerability VCID-kvhv-9fj5-7kgk
35
vulnerability VCID-kw9p-5fbc-hudg
36
vulnerability VCID-kxa8-dmva-ayff
37
vulnerability VCID-p2kq-rkh6-ayeu
38
vulnerability VCID-p52e-s67u-eya7
39
vulnerability VCID-pq29-qe7h-tkcp
40
vulnerability VCID-qm38-1cwk-b3hq
41
vulnerability VCID-tc2y-zrea-vyb2
42
vulnerability VCID-te88-ws12-3bc8
43
vulnerability VCID-tm1s-2m92-uyh9
44
vulnerability VCID-tuwu-cznx-jqdb
45
vulnerability VCID-u49v-31sv-eqc3
46
vulnerability VCID-wazt-hn99-qkdk
47
vulnerability VCID-wrnm-d19b-hqby
48
vulnerability VCID-ya8k-c5s5-47gx
49
vulnerability VCID-ypfw-xhud-bbfs
50
vulnerability VCID-yuer-yn1w-q3gw
51
vulnerability VCID-z7fk-zbvh-quew
52
vulnerability VCID-zgy5-8cgd-gqhm
53
vulnerability VCID-zr7a-tdxv-rqff
54
vulnerability VCID-zr8u-z3r4-cbct
55
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1
3
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-5pkg-j4wg-7fcn
2
vulnerability VCID-6epx-c68d-d7bv
3
vulnerability VCID-86yd-4mkt-hydr
4
vulnerability VCID-a3yc-fxa1-gfhy
5
vulnerability VCID-axxx-gpfn-mqc9
6
vulnerability VCID-kak1-btjp-kqgz
7
vulnerability VCID-kvhv-9fj5-7kgk
8
vulnerability VCID-kw9p-5fbc-hudg
9
vulnerability VCID-qjgf-hxng-j3g9
10
vulnerability VCID-qm38-1cwk-b3hq
11
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-026
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fff2-h9gn-9qhu
7
url VCID-gw2k-419z-t7h5
vulnerability_id VCID-gw2k-419z-t7h5
summary 
Code Injection
Vulnerability on `isDev`, `isTest` and `flush` `$_GET` validation.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-014/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-014/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.0.14
purl pkg:composer/silverstripe/framework@3.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3pwx-7wzy-qbdw
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-6j2p-tzvx-9bdj
10
vulnerability VCID-7dk3-gcup-2kc9
11
vulnerability VCID-86yd-4mkt-hydr
12
vulnerability VCID-8wbx-bvm9-jqcv
13
vulnerability VCID-a3yc-fxa1-gfhy
14
vulnerability VCID-ab5z-bqka-xudb
15
vulnerability VCID-ajga-3b99-yugh
16
vulnerability VCID-axxx-gpfn-mqc9
17
vulnerability VCID-bdcq-z11u-zyh5
18
vulnerability VCID-c3vp-kc9a-vkhn
19
vulnerability VCID-cc1b-b6sm-zbcw
20
vulnerability VCID-cdgj-bdpy-ukak
21
vulnerability VCID-dgn7-zmwr-u3c6
22
vulnerability VCID-dq8q-6agw-g3d5
23
vulnerability VCID-dx5f-g875-5bct
24
vulnerability VCID-eaqw-9k5p-pybr
25
vulnerability VCID-eddc-w9wx-c3gq
26
vulnerability VCID-enkd-4y44-4ueq
27
vulnerability VCID-fff2-h9gn-9qhu
28
vulnerability VCID-fpb7-5pwu-tyg5
29
vulnerability VCID-fyxa-vzeq-ubeq
30
vulnerability VCID-hgkh-tcdc-ufd5
31
vulnerability VCID-j6ze-f76y-cqgy
32
vulnerability VCID-k7bb-y315-4qb6
33
vulnerability VCID-kak1-btjp-kqgz
34
vulnerability VCID-kdyk-rrrr-pufw
35
vulnerability VCID-krjm-ygks-wyct
36
vulnerability VCID-kvhv-9fj5-7kgk
37
vulnerability VCID-kw9p-5fbc-hudg
38
vulnerability VCID-kxa8-dmva-ayff
39
vulnerability VCID-kz63-ftzc-tudk
40
vulnerability VCID-p2kq-rkh6-ayeu
41
vulnerability VCID-p52e-s67u-eya7
42
vulnerability VCID-pg9r-huax-rqfv
43
vulnerability VCID-pq29-qe7h-tkcp
44
vulnerability VCID-qm38-1cwk-b3hq
45
vulnerability VCID-sm51-m1g2-47dz
46
vulnerability VCID-t17w-gcwe-eue4
47
vulnerability VCID-tc2y-zrea-vyb2
48
vulnerability VCID-te88-ws12-3bc8
49
vulnerability VCID-tm1s-2m92-uyh9
50
vulnerability VCID-tuwu-cznx-jqdb
51
vulnerability VCID-u49v-31sv-eqc3
52
vulnerability VCID-ur9h-h6mw-fbdh
53
vulnerability VCID-wazt-hn99-qkdk
54
vulnerability VCID-wrnm-d19b-hqby
55
vulnerability VCID-ya8k-c5s5-47gx
56
vulnerability VCID-ypfw-xhud-bbfs
57
vulnerability VCID-yuer-yn1w-q3gw
58
vulnerability VCID-z7fk-zbvh-quew
59
vulnerability VCID-zgy5-8cgd-gqhm
60
vulnerability VCID-zu16-xznb-s3c7
61
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14
1
url pkg:composer/silverstripe/framework@3.1.0-beta1
purl pkg:composer/silverstripe/framework@3.1.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3pwx-7wzy-qbdw
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-6j2p-tzvx-9bdj
10
vulnerability VCID-7dk3-gcup-2kc9
11
vulnerability VCID-86yd-4mkt-hydr
12
vulnerability VCID-8wbx-bvm9-jqcv
13
vulnerability VCID-a3yc-fxa1-gfhy
14
vulnerability VCID-ab5z-bqka-xudb
15
vulnerability VCID-ajga-3b99-yugh
16
vulnerability VCID-axxx-gpfn-mqc9
17
vulnerability VCID-bdcq-z11u-zyh5
18
vulnerability VCID-c3vp-kc9a-vkhn
19
vulnerability VCID-cc1b-b6sm-zbcw
20
vulnerability VCID-cdgj-bdpy-ukak
21
vulnerability VCID-dgn7-zmwr-u3c6
22
vulnerability VCID-dq8q-6agw-g3d5
23
vulnerability VCID-dx5f-g875-5bct
24
vulnerability VCID-eaqw-9k5p-pybr
25
vulnerability VCID-eddc-w9wx-c3gq
26
vulnerability VCID-enkd-4y44-4ueq
27
vulnerability VCID-fff2-h9gn-9qhu
28
vulnerability VCID-fpb7-5pwu-tyg5
29
vulnerability VCID-fyxa-vzeq-ubeq
30
vulnerability VCID-hgkh-tcdc-ufd5
31
vulnerability VCID-j6ze-f76y-cqgy
32
vulnerability VCID-k7bb-y315-4qb6
33
vulnerability VCID-kak1-btjp-kqgz
34
vulnerability VCID-kdyk-rrrr-pufw
35
vulnerability VCID-krjm-ygks-wyct
36
vulnerability VCID-kvhv-9fj5-7kgk
37
vulnerability VCID-kw9p-5fbc-hudg
38
vulnerability VCID-kxa8-dmva-ayff
39
vulnerability VCID-kz63-ftzc-tudk
40
vulnerability VCID-p2kq-rkh6-ayeu
41
vulnerability VCID-p52e-s67u-eya7
42
vulnerability VCID-pg9r-huax-rqfv
43
vulnerability VCID-pq29-qe7h-tkcp
44
vulnerability VCID-qm38-1cwk-b3hq
45
vulnerability VCID-sm51-m1g2-47dz
46
vulnerability VCID-t17w-gcwe-eue4
47
vulnerability VCID-tc2y-zrea-vyb2
48
vulnerability VCID-te88-ws12-3bc8
49
vulnerability VCID-tm1s-2m92-uyh9
50
vulnerability VCID-tuwu-cznx-jqdb
51
vulnerability VCID-u49v-31sv-eqc3
52
vulnerability VCID-ur9h-h6mw-fbdh
53
vulnerability VCID-wazt-hn99-qkdk
54
vulnerability VCID-wrnm-d19b-hqby
55
vulnerability VCID-ya8k-c5s5-47gx
56
vulnerability VCID-ypfw-xhud-bbfs
57
vulnerability VCID-yuer-yn1w-q3gw
58
vulnerability VCID-z7fk-zbvh-quew
59
vulnerability VCID-zgy5-8cgd-gqhm
60
vulnerability VCID-zu16-xznb-s3c7
61
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1
2
url pkg:composer/silverstripe/framework@3.1.13
purl pkg:composer/silverstripe/framework@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3pwx-7wzy-qbdw
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5k79-mfyz-xqhu
7
vulnerability VCID-5pkg-j4wg-7fcn
8
vulnerability VCID-6du5-hdvd-fueb
9
vulnerability VCID-6epx-c68d-d7bv
10
vulnerability VCID-6j2p-tzvx-9bdj
11
vulnerability VCID-7dk3-gcup-2kc9
12
vulnerability VCID-86yd-4mkt-hydr
13
vulnerability VCID-8wbx-bvm9-jqcv
14
vulnerability VCID-a3yc-fxa1-gfhy
15
vulnerability VCID-ab5z-bqka-xudb
16
vulnerability VCID-ajga-3b99-yugh
17
vulnerability VCID-axxx-gpfn-mqc9
18
vulnerability VCID-bdcq-z11u-zyh5
19
vulnerability VCID-c3vp-kc9a-vkhn
20
vulnerability VCID-cc1b-b6sm-zbcw
21
vulnerability VCID-cdgj-bdpy-ukak
22
vulnerability VCID-cg3k-vmk4-5kdb
23
vulnerability VCID-dg5e-tkef-buab
24
vulnerability VCID-dgn7-zmwr-u3c6
25
vulnerability VCID-dq8q-6agw-g3d5
26
vulnerability VCID-dx5f-g875-5bct
27
vulnerability VCID-eaqw-9k5p-pybr
28
vulnerability VCID-eddc-w9wx-c3gq
29
vulnerability VCID-ehd6-y3gw-fufu
30
vulnerability VCID-enkd-4y44-4ueq
31
vulnerability VCID-fff2-h9gn-9qhu
32
vulnerability VCID-fpb7-5pwu-tyg5
33
vulnerability VCID-fyxa-vzeq-ubeq
34
vulnerability VCID-hgkh-tcdc-ufd5
35
vulnerability VCID-j6ze-f76y-cqgy
36
vulnerability VCID-k7bb-y315-4qb6
37
vulnerability VCID-kak1-btjp-kqgz
38
vulnerability VCID-kdyk-rrrr-pufw
39
vulnerability VCID-kqk7-mdnd-hfc7
40
vulnerability VCID-krjm-ygks-wyct
41
vulnerability VCID-kvhv-9fj5-7kgk
42
vulnerability VCID-kw9p-5fbc-hudg
43
vulnerability VCID-kxa8-dmva-ayff
44
vulnerability VCID-kz63-ftzc-tudk
45
vulnerability VCID-p2kq-rkh6-ayeu
46
vulnerability VCID-p52e-s67u-eya7
47
vulnerability VCID-pg9r-huax-rqfv
48
vulnerability VCID-pq29-qe7h-tkcp
49
vulnerability VCID-qm38-1cwk-b3hq
50
vulnerability VCID-sm51-m1g2-47dz
51
vulnerability VCID-t17w-gcwe-eue4
52
vulnerability VCID-tc2y-zrea-vyb2
53
vulnerability VCID-te88-ws12-3bc8
54
vulnerability VCID-tm1s-2m92-uyh9
55
vulnerability VCID-tuwu-cznx-jqdb
56
vulnerability VCID-u49v-31sv-eqc3
57
vulnerability VCID-ur9h-h6mw-fbdh
58
vulnerability VCID-w7x4-tung-wyae
59
vulnerability VCID-wazt-hn99-qkdk
60
vulnerability VCID-wrnm-d19b-hqby
61
vulnerability VCID-ya8k-c5s5-47gx
62
vulnerability VCID-ypfw-xhud-bbfs
63
vulnerability VCID-yuer-yn1w-q3gw
64
vulnerability VCID-z7fk-zbvh-quew
65
vulnerability VCID-zgy5-8cgd-gqhm
66
vulnerability VCID-zr7a-tdxv-rqff
67
vulnerability VCID-zr8u-z3r4-cbct
68
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13
3
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-5pkg-j4wg-7fcn
2
vulnerability VCID-6epx-c68d-d7bv
3
vulnerability VCID-86yd-4mkt-hydr
4
vulnerability VCID-a3yc-fxa1-gfhy
5
vulnerability VCID-axxx-gpfn-mqc9
6
vulnerability VCID-kak1-btjp-kqgz
7
vulnerability VCID-kvhv-9fj5-7kgk
8
vulnerability VCID-kw9p-5fbc-hudg
9
vulnerability VCID-qjgf-hxng-j3g9
10
vulnerability VCID-qm38-1cwk-b3hq
11
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-014-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gw2k-419z-t7h5
8
url VCID-j5hb-hw1t-nkh3
vulnerability_id VCID-j5hb-hw1t-nkh3
summary 
Cross-site Scripting
XSS in `Director::force_redirect()`.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.12
purl pkg:composer/silverstripe/framework@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3pwx-7wzy-qbdw
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5k79-mfyz-xqhu
7
vulnerability VCID-5pkg-j4wg-7fcn
8
vulnerability VCID-6du5-hdvd-fueb
9
vulnerability VCID-6epx-c68d-d7bv
10
vulnerability VCID-6j2p-tzvx-9bdj
11
vulnerability VCID-7dk3-gcup-2kc9
12
vulnerability VCID-86yd-4mkt-hydr
13
vulnerability VCID-8wbx-bvm9-jqcv
14
vulnerability VCID-a3yc-fxa1-gfhy
15
vulnerability VCID-a9qn-hsax-uke7
16
vulnerability VCID-ab5z-bqka-xudb
17
vulnerability VCID-ajga-3b99-yugh
18
vulnerability VCID-axxx-gpfn-mqc9
19
vulnerability VCID-bdcq-z11u-zyh5
20
vulnerability VCID-c3vp-kc9a-vkhn
21
vulnerability VCID-cc1b-b6sm-zbcw
22
vulnerability VCID-cdgj-bdpy-ukak
23
vulnerability VCID-cg3k-vmk4-5kdb
24
vulnerability VCID-cq8a-jun5-q3hh
25
vulnerability VCID-dg5e-tkef-buab
26
vulnerability VCID-dgn7-zmwr-u3c6
27
vulnerability VCID-dq8q-6agw-g3d5
28
vulnerability VCID-dx5f-g875-5bct
29
vulnerability VCID-eaqw-9k5p-pybr
30
vulnerability VCID-eddc-w9wx-c3gq
31
vulnerability VCID-ehd6-y3gw-fufu
32
vulnerability VCID-enkd-4y44-4ueq
33
vulnerability VCID-fff2-h9gn-9qhu
34
vulnerability VCID-fpb7-5pwu-tyg5
35
vulnerability VCID-fyxa-vzeq-ubeq
36
vulnerability VCID-gw2k-419z-t7h5
37
vulnerability VCID-hgkh-tcdc-ufd5
38
vulnerability VCID-j6ze-f76y-cqgy
39
vulnerability VCID-k7bb-y315-4qb6
40
vulnerability VCID-kak1-btjp-kqgz
41
vulnerability VCID-kdyk-rrrr-pufw
42
vulnerability VCID-kqk7-mdnd-hfc7
43
vulnerability VCID-krjm-ygks-wyct
44
vulnerability VCID-kvhv-9fj5-7kgk
45
vulnerability VCID-kw9p-5fbc-hudg
46
vulnerability VCID-kxa8-dmva-ayff
47
vulnerability VCID-kz63-ftzc-tudk
48
vulnerability VCID-p2kq-rkh6-ayeu
49
vulnerability VCID-p52e-s67u-eya7
50
vulnerability VCID-pg9r-huax-rqfv
51
vulnerability VCID-pq29-qe7h-tkcp
52
vulnerability VCID-qm38-1cwk-b3hq
53
vulnerability VCID-sm51-m1g2-47dz
54
vulnerability VCID-sr5y-b8d8-3yd6
55
vulnerability VCID-t17w-gcwe-eue4
56
vulnerability VCID-tc2y-zrea-vyb2
57
vulnerability VCID-te88-ws12-3bc8
58
vulnerability VCID-tm1s-2m92-uyh9
59
vulnerability VCID-tuwu-cznx-jqdb
60
vulnerability VCID-u2yt-tvtw-f3d6
61
vulnerability VCID-u49v-31sv-eqc3
62
vulnerability VCID-ur9h-h6mw-fbdh
63
vulnerability VCID-v4g3-knhd-wqa7
64
vulnerability VCID-w7x4-tung-wyae
65
vulnerability VCID-wazt-hn99-qkdk
66
vulnerability VCID-wrnm-d19b-hqby
67
vulnerability VCID-ya8k-c5s5-47gx
68
vulnerability VCID-ypfw-xhud-bbfs
69
vulnerability VCID-yuer-yn1w-q3gw
70
vulnerability VCID-yuu2-set7-fuet
71
vulnerability VCID-z7fk-zbvh-quew
72
vulnerability VCID-zgy5-8cgd-gqhm
73
vulnerability VCID-zr7a-tdxv-rqff
74
vulnerability VCID-zr8u-z3r4-cbct
75
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12
1
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-5pkg-j4wg-7fcn
2
vulnerability VCID-6epx-c68d-d7bv
3
vulnerability VCID-86yd-4mkt-hydr
4
vulnerability VCID-a3yc-fxa1-gfhy
5
vulnerability VCID-axxx-gpfn-mqc9
6
vulnerability VCID-kak1-btjp-kqgz
7
vulnerability VCID-kvhv-9fj5-7kgk
8
vulnerability VCID-kw9p-5fbc-hudg
9
vulnerability VCID-qjgf-hxng-j3g9
10
vulnerability VCID-qm38-1cwk-b3hq
11
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-010-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j5hb-hw1t-nkh3
9
url VCID-kvfs-x2wd-p3h3
vulnerability_id VCID-kvfs-x2wd-p3h3
summary 
IE requests issue
IE requests not properly behaving with `rewritehashlinks`.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.0.13
purl pkg:composer/silverstripe/framework@3.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3pwx-7wzy-qbdw
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-6j2p-tzvx-9bdj
10
vulnerability VCID-7dk3-gcup-2kc9
11
vulnerability VCID-86yd-4mkt-hydr
12
vulnerability VCID-8wbx-bvm9-jqcv
13
vulnerability VCID-a3yc-fxa1-gfhy
14
vulnerability VCID-a9qn-hsax-uke7
15
vulnerability VCID-ab5z-bqka-xudb
16
vulnerability VCID-ajga-3b99-yugh
17
vulnerability VCID-axxx-gpfn-mqc9
18
vulnerability VCID-bdcq-z11u-zyh5
19
vulnerability VCID-c3vp-kc9a-vkhn
20
vulnerability VCID-cc1b-b6sm-zbcw
21
vulnerability VCID-cdgj-bdpy-ukak
22
vulnerability VCID-cq8a-jun5-q3hh
23
vulnerability VCID-dgn7-zmwr-u3c6
24
vulnerability VCID-dq8q-6agw-g3d5
25
vulnerability VCID-dx5f-g875-5bct
26
vulnerability VCID-eaqw-9k5p-pybr
27
vulnerability VCID-eddc-w9wx-c3gq
28
vulnerability VCID-enkd-4y44-4ueq
29
vulnerability VCID-fff2-h9gn-9qhu
30
vulnerability VCID-fpb7-5pwu-tyg5
31
vulnerability VCID-fyxa-vzeq-ubeq
32
vulnerability VCID-gw2k-419z-t7h5
33
vulnerability VCID-hgkh-tcdc-ufd5
34
vulnerability VCID-j6ze-f76y-cqgy
35
vulnerability VCID-k7bb-y315-4qb6
36
vulnerability VCID-kak1-btjp-kqgz
37
vulnerability VCID-kdyk-rrrr-pufw
38
vulnerability VCID-krjm-ygks-wyct
39
vulnerability VCID-kvhv-9fj5-7kgk
40
vulnerability VCID-kw9p-5fbc-hudg
41
vulnerability VCID-kxa8-dmva-ayff
42
vulnerability VCID-kz63-ftzc-tudk
43
vulnerability VCID-p2kq-rkh6-ayeu
44
vulnerability VCID-p52e-s67u-eya7
45
vulnerability VCID-pg9r-huax-rqfv
46
vulnerability VCID-pq29-qe7h-tkcp
47
vulnerability VCID-qm38-1cwk-b3hq
48
vulnerability VCID-sm51-m1g2-47dz
49
vulnerability VCID-t17w-gcwe-eue4
50
vulnerability VCID-tc2y-zrea-vyb2
51
vulnerability VCID-te88-ws12-3bc8
52
vulnerability VCID-tm1s-2m92-uyh9
53
vulnerability VCID-tuwu-cznx-jqdb
54
vulnerability VCID-u2yt-tvtw-f3d6
55
vulnerability VCID-u49v-31sv-eqc3
56
vulnerability VCID-ur9h-h6mw-fbdh
57
vulnerability VCID-wazt-hn99-qkdk
58
vulnerability VCID-wrnm-d19b-hqby
59
vulnerability VCID-ya8k-c5s5-47gx
60
vulnerability VCID-ypfw-xhud-bbfs
61
vulnerability VCID-yuer-yn1w-q3gw
62
vulnerability VCID-yuu2-set7-fuet
63
vulnerability VCID-z7fk-zbvh-quew
64
vulnerability VCID-zgy5-8cgd-gqhm
65
vulnerability VCID-zu16-xznb-s3c7
66
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.13
1
url pkg:composer/silverstripe/framework@3.1.0-beta1
purl pkg:composer/silverstripe/framework@3.1.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3pwx-7wzy-qbdw
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-6j2p-tzvx-9bdj
10
vulnerability VCID-7dk3-gcup-2kc9
11
vulnerability VCID-86yd-4mkt-hydr
12
vulnerability VCID-8wbx-bvm9-jqcv
13
vulnerability VCID-a3yc-fxa1-gfhy
14
vulnerability VCID-ab5z-bqka-xudb
15
vulnerability VCID-ajga-3b99-yugh
16
vulnerability VCID-axxx-gpfn-mqc9
17
vulnerability VCID-bdcq-z11u-zyh5
18
vulnerability VCID-c3vp-kc9a-vkhn
19
vulnerability VCID-cc1b-b6sm-zbcw
20
vulnerability VCID-cdgj-bdpy-ukak
21
vulnerability VCID-dgn7-zmwr-u3c6
22
vulnerability VCID-dq8q-6agw-g3d5
23
vulnerability VCID-dx5f-g875-5bct
24
vulnerability VCID-eaqw-9k5p-pybr
25
vulnerability VCID-eddc-w9wx-c3gq
26
vulnerability VCID-enkd-4y44-4ueq
27
vulnerability VCID-fff2-h9gn-9qhu
28
vulnerability VCID-fpb7-5pwu-tyg5
29
vulnerability VCID-fyxa-vzeq-ubeq
30
vulnerability VCID-hgkh-tcdc-ufd5
31
vulnerability VCID-j6ze-f76y-cqgy
32
vulnerability VCID-k7bb-y315-4qb6
33
vulnerability VCID-kak1-btjp-kqgz
34
vulnerability VCID-kdyk-rrrr-pufw
35
vulnerability VCID-krjm-ygks-wyct
36
vulnerability VCID-kvhv-9fj5-7kgk
37
vulnerability VCID-kw9p-5fbc-hudg
38
vulnerability VCID-kxa8-dmva-ayff
39
vulnerability VCID-kz63-ftzc-tudk
40
vulnerability VCID-p2kq-rkh6-ayeu
41
vulnerability VCID-p52e-s67u-eya7
42
vulnerability VCID-pg9r-huax-rqfv
43
vulnerability VCID-pq29-qe7h-tkcp
44
vulnerability VCID-qm38-1cwk-b3hq
45
vulnerability VCID-sm51-m1g2-47dz
46
vulnerability VCID-t17w-gcwe-eue4
47
vulnerability VCID-tc2y-zrea-vyb2
48
vulnerability VCID-te88-ws12-3bc8
49
vulnerability VCID-tm1s-2m92-uyh9
50
vulnerability VCID-tuwu-cznx-jqdb
51
vulnerability VCID-u49v-31sv-eqc3
52
vulnerability VCID-ur9h-h6mw-fbdh
53
vulnerability VCID-wazt-hn99-qkdk
54
vulnerability VCID-wrnm-d19b-hqby
55
vulnerability VCID-ya8k-c5s5-47gx
56
vulnerability VCID-ypfw-xhud-bbfs
57
vulnerability VCID-yuer-yn1w-q3gw
58
vulnerability VCID-z7fk-zbvh-quew
59
vulnerability VCID-zgy5-8cgd-gqhm
60
vulnerability VCID-zu16-xznb-s3c7
61
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1
2
url pkg:composer/silverstripe/framework@3.1.12
purl pkg:composer/silverstripe/framework@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3pwx-7wzy-qbdw
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5k79-mfyz-xqhu
7
vulnerability VCID-5pkg-j4wg-7fcn
8
vulnerability VCID-6du5-hdvd-fueb
9
vulnerability VCID-6epx-c68d-d7bv
10
vulnerability VCID-6j2p-tzvx-9bdj
11
vulnerability VCID-7dk3-gcup-2kc9
12
vulnerability VCID-86yd-4mkt-hydr
13
vulnerability VCID-8wbx-bvm9-jqcv
14
vulnerability VCID-a3yc-fxa1-gfhy
15
vulnerability VCID-a9qn-hsax-uke7
16
vulnerability VCID-ab5z-bqka-xudb
17
vulnerability VCID-ajga-3b99-yugh
18
vulnerability VCID-axxx-gpfn-mqc9
19
vulnerability VCID-bdcq-z11u-zyh5
20
vulnerability VCID-c3vp-kc9a-vkhn
21
vulnerability VCID-cc1b-b6sm-zbcw
22
vulnerability VCID-cdgj-bdpy-ukak
23
vulnerability VCID-cg3k-vmk4-5kdb
24
vulnerability VCID-cq8a-jun5-q3hh
25
vulnerability VCID-dg5e-tkef-buab
26
vulnerability VCID-dgn7-zmwr-u3c6
27
vulnerability VCID-dq8q-6agw-g3d5
28
vulnerability VCID-dx5f-g875-5bct
29
vulnerability VCID-eaqw-9k5p-pybr
30
vulnerability VCID-eddc-w9wx-c3gq
31
vulnerability VCID-ehd6-y3gw-fufu
32
vulnerability VCID-enkd-4y44-4ueq
33
vulnerability VCID-fff2-h9gn-9qhu
34
vulnerability VCID-fpb7-5pwu-tyg5
35
vulnerability VCID-fyxa-vzeq-ubeq
36
vulnerability VCID-gw2k-419z-t7h5
37
vulnerability VCID-hgkh-tcdc-ufd5
38
vulnerability VCID-j6ze-f76y-cqgy
39
vulnerability VCID-k7bb-y315-4qb6
40
vulnerability VCID-kak1-btjp-kqgz
41
vulnerability VCID-kdyk-rrrr-pufw
42
vulnerability VCID-kqk7-mdnd-hfc7
43
vulnerability VCID-krjm-ygks-wyct
44
vulnerability VCID-kvhv-9fj5-7kgk
45
vulnerability VCID-kw9p-5fbc-hudg
46
vulnerability VCID-kxa8-dmva-ayff
47
vulnerability VCID-kz63-ftzc-tudk
48
vulnerability VCID-p2kq-rkh6-ayeu
49
vulnerability VCID-p52e-s67u-eya7
50
vulnerability VCID-pg9r-huax-rqfv
51
vulnerability VCID-pq29-qe7h-tkcp
52
vulnerability VCID-qm38-1cwk-b3hq
53
vulnerability VCID-sm51-m1g2-47dz
54
vulnerability VCID-sr5y-b8d8-3yd6
55
vulnerability VCID-t17w-gcwe-eue4
56
vulnerability VCID-tc2y-zrea-vyb2
57
vulnerability VCID-te88-ws12-3bc8
58
vulnerability VCID-tm1s-2m92-uyh9
59
vulnerability VCID-tuwu-cznx-jqdb
60
vulnerability VCID-u2yt-tvtw-f3d6
61
vulnerability VCID-u49v-31sv-eqc3
62
vulnerability VCID-ur9h-h6mw-fbdh
63
vulnerability VCID-v4g3-knhd-wqa7
64
vulnerability VCID-w7x4-tung-wyae
65
vulnerability VCID-wazt-hn99-qkdk
66
vulnerability VCID-wrnm-d19b-hqby
67
vulnerability VCID-ya8k-c5s5-47gx
68
vulnerability VCID-ypfw-xhud-bbfs
69
vulnerability VCID-yuer-yn1w-q3gw
70
vulnerability VCID-yuu2-set7-fuet
71
vulnerability VCID-z7fk-zbvh-quew
72
vulnerability VCID-zgy5-8cgd-gqhm
73
vulnerability VCID-zr7a-tdxv-rqff
74
vulnerability VCID-zr8u-z3r4-cbct
75
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12
3
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-5pkg-j4wg-7fcn
2
vulnerability VCID-6epx-c68d-d7bv
3
vulnerability VCID-86yd-4mkt-hydr
4
vulnerability VCID-a3yc-fxa1-gfhy
5
vulnerability VCID-axxx-gpfn-mqc9
6
vulnerability VCID-kak1-btjp-kqgz
7
vulnerability VCID-kvhv-9fj5-7kgk
8
vulnerability VCID-kw9p-5fbc-hudg
9
vulnerability VCID-qjgf-hxng-j3g9
10
vulnerability VCID-qm38-1cwk-b3hq
11
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2014-015-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kvfs-x2wd-p3h3
10
url VCID-mys2-zz4g-kygp
vulnerability_id VCID-mys2-zz4g-kygp
summary 
Uncontrolled Resource Consumption
XML Quadratic Blowup vulnerability.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.12
purl pkg:composer/silverstripe/framework@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3pwx-7wzy-qbdw
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5k79-mfyz-xqhu
7
vulnerability VCID-5pkg-j4wg-7fcn
8
vulnerability VCID-6du5-hdvd-fueb
9
vulnerability VCID-6epx-c68d-d7bv
10
vulnerability VCID-6j2p-tzvx-9bdj
11
vulnerability VCID-7dk3-gcup-2kc9
12
vulnerability VCID-86yd-4mkt-hydr
13
vulnerability VCID-8wbx-bvm9-jqcv
14
vulnerability VCID-a3yc-fxa1-gfhy
15
vulnerability VCID-a9qn-hsax-uke7
16
vulnerability VCID-ab5z-bqka-xudb
17
vulnerability VCID-ajga-3b99-yugh
18
vulnerability VCID-axxx-gpfn-mqc9
19
vulnerability VCID-bdcq-z11u-zyh5
20
vulnerability VCID-c3vp-kc9a-vkhn
21
vulnerability VCID-cc1b-b6sm-zbcw
22
vulnerability VCID-cdgj-bdpy-ukak
23
vulnerability VCID-cg3k-vmk4-5kdb
24
vulnerability VCID-cq8a-jun5-q3hh
25
vulnerability VCID-dg5e-tkef-buab
26
vulnerability VCID-dgn7-zmwr-u3c6
27
vulnerability VCID-dq8q-6agw-g3d5
28
vulnerability VCID-dx5f-g875-5bct
29
vulnerability VCID-eaqw-9k5p-pybr
30
vulnerability VCID-eddc-w9wx-c3gq
31
vulnerability VCID-ehd6-y3gw-fufu
32
vulnerability VCID-enkd-4y44-4ueq
33
vulnerability VCID-fff2-h9gn-9qhu
34
vulnerability VCID-fpb7-5pwu-tyg5
35
vulnerability VCID-fyxa-vzeq-ubeq
36
vulnerability VCID-gw2k-419z-t7h5
37
vulnerability VCID-hgkh-tcdc-ufd5
38
vulnerability VCID-j6ze-f76y-cqgy
39
vulnerability VCID-k7bb-y315-4qb6
40
vulnerability VCID-kak1-btjp-kqgz
41
vulnerability VCID-kdyk-rrrr-pufw
42
vulnerability VCID-kqk7-mdnd-hfc7
43
vulnerability VCID-krjm-ygks-wyct
44
vulnerability VCID-kvhv-9fj5-7kgk
45
vulnerability VCID-kw9p-5fbc-hudg
46
vulnerability VCID-kxa8-dmva-ayff
47
vulnerability VCID-kz63-ftzc-tudk
48
vulnerability VCID-p2kq-rkh6-ayeu
49
vulnerability VCID-p52e-s67u-eya7
50
vulnerability VCID-pg9r-huax-rqfv
51
vulnerability VCID-pq29-qe7h-tkcp
52
vulnerability VCID-qm38-1cwk-b3hq
53
vulnerability VCID-sm51-m1g2-47dz
54
vulnerability VCID-sr5y-b8d8-3yd6
55
vulnerability VCID-t17w-gcwe-eue4
56
vulnerability VCID-tc2y-zrea-vyb2
57
vulnerability VCID-te88-ws12-3bc8
58
vulnerability VCID-tm1s-2m92-uyh9
59
vulnerability VCID-tuwu-cznx-jqdb
60
vulnerability VCID-u2yt-tvtw-f3d6
61
vulnerability VCID-u49v-31sv-eqc3
62
vulnerability VCID-ur9h-h6mw-fbdh
63
vulnerability VCID-v4g3-knhd-wqa7
64
vulnerability VCID-w7x4-tung-wyae
65
vulnerability VCID-wazt-hn99-qkdk
66
vulnerability VCID-wrnm-d19b-hqby
67
vulnerability VCID-ya8k-c5s5-47gx
68
vulnerability VCID-ypfw-xhud-bbfs
69
vulnerability VCID-yuer-yn1w-q3gw
70
vulnerability VCID-yuu2-set7-fuet
71
vulnerability VCID-z7fk-zbvh-quew
72
vulnerability VCID-zgy5-8cgd-gqhm
73
vulnerability VCID-zr7a-tdxv-rqff
74
vulnerability VCID-zr8u-z3r4-cbct
75
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12
1
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-5pkg-j4wg-7fcn
2
vulnerability VCID-6epx-c68d-d7bv
3
vulnerability VCID-86yd-4mkt-hydr
4
vulnerability VCID-a3yc-fxa1-gfhy
5
vulnerability VCID-axxx-gpfn-mqc9
6
vulnerability VCID-kak1-btjp-kqgz
7
vulnerability VCID-kvhv-9fj5-7kgk
8
vulnerability VCID-kw9p-5fbc-hudg
9
vulnerability VCID-qjgf-hxng-j3g9
10
vulnerability VCID-qm38-1cwk-b3hq
11
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2014-017-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mys2-zz4g-kygp
11
url VCID-pvjn-ymze-1qbd
vulnerability_id VCID-pvjn-ymze-1qbd
summary 
Cross-site Scripting
TreeDropdownField and TreeMultiSelectField XSS.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-004/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-004/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.10
purl pkg:composer/silverstripe/framework@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-35rh-ebhv-k3ds
3
vulnerability VCID-3pwx-7wzy-qbdw
4
vulnerability VCID-414d-7bfm-kud7
5
vulnerability VCID-4f9c-aun4-wfep
6
vulnerability VCID-4x32-t75c-u3bj
7
vulnerability VCID-5k79-mfyz-xqhu
8
vulnerability VCID-5pkg-j4wg-7fcn
9
vulnerability VCID-6du5-hdvd-fueb
10
vulnerability VCID-6epx-c68d-d7bv
11
vulnerability VCID-6j2p-tzvx-9bdj
12
vulnerability VCID-7dk3-gcup-2kc9
13
vulnerability VCID-86yd-4mkt-hydr
14
vulnerability VCID-8wbx-bvm9-jqcv
15
vulnerability VCID-a3yc-fxa1-gfhy
16
vulnerability VCID-a9qn-hsax-uke7
17
vulnerability VCID-ab5z-bqka-xudb
18
vulnerability VCID-ajga-3b99-yugh
19
vulnerability VCID-axxx-gpfn-mqc9
20
vulnerability VCID-bdcq-z11u-zyh5
21
vulnerability VCID-c3vp-kc9a-vkhn
22
vulnerability VCID-cc1b-b6sm-zbcw
23
vulnerability VCID-cdgj-bdpy-ukak
24
vulnerability VCID-cg3k-vmk4-5kdb
25
vulnerability VCID-cq8a-jun5-q3hh
26
vulnerability VCID-dg5e-tkef-buab
27
vulnerability VCID-dgn7-zmwr-u3c6
28
vulnerability VCID-dq8q-6agw-g3d5
29
vulnerability VCID-dx5f-g875-5bct
30
vulnerability VCID-eaqw-9k5p-pybr
31
vulnerability VCID-eddc-w9wx-c3gq
32
vulnerability VCID-ehd6-y3gw-fufu
33
vulnerability VCID-enkd-4y44-4ueq
34
vulnerability VCID-fff2-h9gn-9qhu
35
vulnerability VCID-fpb7-5pwu-tyg5
36
vulnerability VCID-fyxa-vzeq-ubeq
37
vulnerability VCID-gw2k-419z-t7h5
38
vulnerability VCID-hgkh-tcdc-ufd5
39
vulnerability VCID-j5hb-hw1t-nkh3
40
vulnerability VCID-j6ze-f76y-cqgy
41
vulnerability VCID-k7bb-y315-4qb6
42
vulnerability VCID-kak1-btjp-kqgz
43
vulnerability VCID-kdyk-rrrr-pufw
44
vulnerability VCID-kqk7-mdnd-hfc7
45
vulnerability VCID-krjm-ygks-wyct
46
vulnerability VCID-kvfs-x2wd-p3h3
47
vulnerability VCID-kvhv-9fj5-7kgk
48
vulnerability VCID-kw9p-5fbc-hudg
49
vulnerability VCID-kxa8-dmva-ayff
50
vulnerability VCID-kz63-ftzc-tudk
51
vulnerability VCID-nmmv-bdq9-dued
52
vulnerability VCID-nyz7-hhm1-yqat
53
vulnerability VCID-p2kq-rkh6-ayeu
54
vulnerability VCID-p52e-s67u-eya7
55
vulnerability VCID-pg9r-huax-rqfv
56
vulnerability VCID-pq29-qe7h-tkcp
57
vulnerability VCID-qm38-1cwk-b3hq
58
vulnerability VCID-r2k8-fccc-jfc2
59
vulnerability VCID-sm51-m1g2-47dz
60
vulnerability VCID-sr5y-b8d8-3yd6
61
vulnerability VCID-t17w-gcwe-eue4
62
vulnerability VCID-tc2y-zrea-vyb2
63
vulnerability VCID-te88-ws12-3bc8
64
vulnerability VCID-tm1s-2m92-uyh9
65
vulnerability VCID-tuwu-cznx-jqdb
66
vulnerability VCID-u2yt-tvtw-f3d6
67
vulnerability VCID-u49v-31sv-eqc3
68
vulnerability VCID-ur9h-h6mw-fbdh
69
vulnerability VCID-v4g3-knhd-wqa7
70
vulnerability VCID-w7x4-tung-wyae
71
vulnerability VCID-wazt-hn99-qkdk
72
vulnerability VCID-wrnm-d19b-hqby
73
vulnerability VCID-ya8k-c5s5-47gx
74
vulnerability VCID-ypfw-xhud-bbfs
75
vulnerability VCID-yuer-yn1w-q3gw
76
vulnerability VCID-yuu2-set7-fuet
77
vulnerability VCID-z7fk-zbvh-quew
78
vulnerability VCID-zgy5-8cgd-gqhm
79
vulnerability VCID-zr7a-tdxv-rqff
80
vulnerability VCID-zr8u-z3r4-cbct
81
vulnerability VCID-zu16-xznb-s3c7
82
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10
1
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-5pkg-j4wg-7fcn
2
vulnerability VCID-6epx-c68d-d7bv
3
vulnerability VCID-86yd-4mkt-hydr
4
vulnerability VCID-a3yc-fxa1-gfhy
5
vulnerability VCID-axxx-gpfn-mqc9
6
vulnerability VCID-kak1-btjp-kqgz
7
vulnerability VCID-kvhv-9fj5-7kgk
8
vulnerability VCID-kw9p-5fbc-hudg
9
vulnerability VCID-qjgf-hxng-j3g9
10
vulnerability VCID-qm38-1cwk-b3hq
11
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-004-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pvjn-ymze-1qbd
12
url VCID-r2k8-fccc-jfc2
vulnerability_id VCID-r2k8-fccc-jfc2
summary 
Cross-site Scripting
XSS In rewritten hash links.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.0.13
purl pkg:composer/silverstripe/framework@3.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3pwx-7wzy-qbdw
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-6j2p-tzvx-9bdj
10
vulnerability VCID-7dk3-gcup-2kc9
11
vulnerability VCID-86yd-4mkt-hydr
12
vulnerability VCID-8wbx-bvm9-jqcv
13
vulnerability VCID-a3yc-fxa1-gfhy
14
vulnerability VCID-a9qn-hsax-uke7
15
vulnerability VCID-ab5z-bqka-xudb
16
vulnerability VCID-ajga-3b99-yugh
17
vulnerability VCID-axxx-gpfn-mqc9
18
vulnerability VCID-bdcq-z11u-zyh5
19
vulnerability VCID-c3vp-kc9a-vkhn
20
vulnerability VCID-cc1b-b6sm-zbcw
21
vulnerability VCID-cdgj-bdpy-ukak
22
vulnerability VCID-cq8a-jun5-q3hh
23
vulnerability VCID-dgn7-zmwr-u3c6
24
vulnerability VCID-dq8q-6agw-g3d5
25
vulnerability VCID-dx5f-g875-5bct
26
vulnerability VCID-eaqw-9k5p-pybr
27
vulnerability VCID-eddc-w9wx-c3gq
28
vulnerability VCID-enkd-4y44-4ueq
29
vulnerability VCID-fff2-h9gn-9qhu
30
vulnerability VCID-fpb7-5pwu-tyg5
31
vulnerability VCID-fyxa-vzeq-ubeq
32
vulnerability VCID-gw2k-419z-t7h5
33
vulnerability VCID-hgkh-tcdc-ufd5
34
vulnerability VCID-j6ze-f76y-cqgy
35
vulnerability VCID-k7bb-y315-4qb6
36
vulnerability VCID-kak1-btjp-kqgz
37
vulnerability VCID-kdyk-rrrr-pufw
38
vulnerability VCID-krjm-ygks-wyct
39
vulnerability VCID-kvhv-9fj5-7kgk
40
vulnerability VCID-kw9p-5fbc-hudg
41
vulnerability VCID-kxa8-dmva-ayff
42
vulnerability VCID-kz63-ftzc-tudk
43
vulnerability VCID-p2kq-rkh6-ayeu
44
vulnerability VCID-p52e-s67u-eya7
45
vulnerability VCID-pg9r-huax-rqfv
46
vulnerability VCID-pq29-qe7h-tkcp
47
vulnerability VCID-qm38-1cwk-b3hq
48
vulnerability VCID-sm51-m1g2-47dz
49
vulnerability VCID-t17w-gcwe-eue4
50
vulnerability VCID-tc2y-zrea-vyb2
51
vulnerability VCID-te88-ws12-3bc8
52
vulnerability VCID-tm1s-2m92-uyh9
53
vulnerability VCID-tuwu-cznx-jqdb
54
vulnerability VCID-u2yt-tvtw-f3d6
55
vulnerability VCID-u49v-31sv-eqc3
56
vulnerability VCID-ur9h-h6mw-fbdh
57
vulnerability VCID-wazt-hn99-qkdk
58
vulnerability VCID-wrnm-d19b-hqby
59
vulnerability VCID-ya8k-c5s5-47gx
60
vulnerability VCID-ypfw-xhud-bbfs
61
vulnerability VCID-yuer-yn1w-q3gw
62
vulnerability VCID-yuu2-set7-fuet
63
vulnerability VCID-z7fk-zbvh-quew
64
vulnerability VCID-zgy5-8cgd-gqhm
65
vulnerability VCID-zu16-xznb-s3c7
66
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.13
1
url pkg:composer/silverstripe/framework@3.1.0-beta1
purl pkg:composer/silverstripe/framework@3.1.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3pwx-7wzy-qbdw
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-6j2p-tzvx-9bdj
10
vulnerability VCID-7dk3-gcup-2kc9
11
vulnerability VCID-86yd-4mkt-hydr
12
vulnerability VCID-8wbx-bvm9-jqcv
13
vulnerability VCID-a3yc-fxa1-gfhy
14
vulnerability VCID-ab5z-bqka-xudb
15
vulnerability VCID-ajga-3b99-yugh
16
vulnerability VCID-axxx-gpfn-mqc9
17
vulnerability VCID-bdcq-z11u-zyh5
18
vulnerability VCID-c3vp-kc9a-vkhn
19
vulnerability VCID-cc1b-b6sm-zbcw
20
vulnerability VCID-cdgj-bdpy-ukak
21
vulnerability VCID-dgn7-zmwr-u3c6
22
vulnerability VCID-dq8q-6agw-g3d5
23
vulnerability VCID-dx5f-g875-5bct
24
vulnerability VCID-eaqw-9k5p-pybr
25
vulnerability VCID-eddc-w9wx-c3gq
26
vulnerability VCID-enkd-4y44-4ueq
27
vulnerability VCID-fff2-h9gn-9qhu
28
vulnerability VCID-fpb7-5pwu-tyg5
29
vulnerability VCID-fyxa-vzeq-ubeq
30
vulnerability VCID-hgkh-tcdc-ufd5
31
vulnerability VCID-j6ze-f76y-cqgy
32
vulnerability VCID-k7bb-y315-4qb6
33
vulnerability VCID-kak1-btjp-kqgz
34
vulnerability VCID-kdyk-rrrr-pufw
35
vulnerability VCID-krjm-ygks-wyct
36
vulnerability VCID-kvhv-9fj5-7kgk
37
vulnerability VCID-kw9p-5fbc-hudg
38
vulnerability VCID-kxa8-dmva-ayff
39
vulnerability VCID-kz63-ftzc-tudk
40
vulnerability VCID-p2kq-rkh6-ayeu
41
vulnerability VCID-p52e-s67u-eya7
42
vulnerability VCID-pg9r-huax-rqfv
43
vulnerability VCID-pq29-qe7h-tkcp
44
vulnerability VCID-qm38-1cwk-b3hq
45
vulnerability VCID-sm51-m1g2-47dz
46
vulnerability VCID-t17w-gcwe-eue4
47
vulnerability VCID-tc2y-zrea-vyb2
48
vulnerability VCID-te88-ws12-3bc8
49
vulnerability VCID-tm1s-2m92-uyh9
50
vulnerability VCID-tuwu-cznx-jqdb
51
vulnerability VCID-u49v-31sv-eqc3
52
vulnerability VCID-ur9h-h6mw-fbdh
53
vulnerability VCID-wazt-hn99-qkdk
54
vulnerability VCID-wrnm-d19b-hqby
55
vulnerability VCID-ya8k-c5s5-47gx
56
vulnerability VCID-ypfw-xhud-bbfs
57
vulnerability VCID-yuer-yn1w-q3gw
58
vulnerability VCID-z7fk-zbvh-quew
59
vulnerability VCID-zgy5-8cgd-gqhm
60
vulnerability VCID-zu16-xznb-s3c7
61
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1
2
url pkg:composer/silverstripe/framework@3.1.12
purl pkg:composer/silverstripe/framework@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3pwx-7wzy-qbdw
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5k79-mfyz-xqhu
7
vulnerability VCID-5pkg-j4wg-7fcn
8
vulnerability VCID-6du5-hdvd-fueb
9
vulnerability VCID-6epx-c68d-d7bv
10
vulnerability VCID-6j2p-tzvx-9bdj
11
vulnerability VCID-7dk3-gcup-2kc9
12
vulnerability VCID-86yd-4mkt-hydr
13
vulnerability VCID-8wbx-bvm9-jqcv
14
vulnerability VCID-a3yc-fxa1-gfhy
15
vulnerability VCID-a9qn-hsax-uke7
16
vulnerability VCID-ab5z-bqka-xudb
17
vulnerability VCID-ajga-3b99-yugh
18
vulnerability VCID-axxx-gpfn-mqc9
19
vulnerability VCID-bdcq-z11u-zyh5
20
vulnerability VCID-c3vp-kc9a-vkhn
21
vulnerability VCID-cc1b-b6sm-zbcw
22
vulnerability VCID-cdgj-bdpy-ukak
23
vulnerability VCID-cg3k-vmk4-5kdb
24
vulnerability VCID-cq8a-jun5-q3hh
25
vulnerability VCID-dg5e-tkef-buab
26
vulnerability VCID-dgn7-zmwr-u3c6
27
vulnerability VCID-dq8q-6agw-g3d5
28
vulnerability VCID-dx5f-g875-5bct
29
vulnerability VCID-eaqw-9k5p-pybr
30
vulnerability VCID-eddc-w9wx-c3gq
31
vulnerability VCID-ehd6-y3gw-fufu
32
vulnerability VCID-enkd-4y44-4ueq
33
vulnerability VCID-fff2-h9gn-9qhu
34
vulnerability VCID-fpb7-5pwu-tyg5
35
vulnerability VCID-fyxa-vzeq-ubeq
36
vulnerability VCID-gw2k-419z-t7h5
37
vulnerability VCID-hgkh-tcdc-ufd5
38
vulnerability VCID-j6ze-f76y-cqgy
39
vulnerability VCID-k7bb-y315-4qb6
40
vulnerability VCID-kak1-btjp-kqgz
41
vulnerability VCID-kdyk-rrrr-pufw
42
vulnerability VCID-kqk7-mdnd-hfc7
43
vulnerability VCID-krjm-ygks-wyct
44
vulnerability VCID-kvhv-9fj5-7kgk
45
vulnerability VCID-kw9p-5fbc-hudg
46
vulnerability VCID-kxa8-dmva-ayff
47
vulnerability VCID-kz63-ftzc-tudk
48
vulnerability VCID-p2kq-rkh6-ayeu
49
vulnerability VCID-p52e-s67u-eya7
50
vulnerability VCID-pg9r-huax-rqfv
51
vulnerability VCID-pq29-qe7h-tkcp
52
vulnerability VCID-qm38-1cwk-b3hq
53
vulnerability VCID-sm51-m1g2-47dz
54
vulnerability VCID-sr5y-b8d8-3yd6
55
vulnerability VCID-t17w-gcwe-eue4
56
vulnerability VCID-tc2y-zrea-vyb2
57
vulnerability VCID-te88-ws12-3bc8
58
vulnerability VCID-tm1s-2m92-uyh9
59
vulnerability VCID-tuwu-cznx-jqdb
60
vulnerability VCID-u2yt-tvtw-f3d6
61
vulnerability VCID-u49v-31sv-eqc3
62
vulnerability VCID-ur9h-h6mw-fbdh
63
vulnerability VCID-v4g3-knhd-wqa7
64
vulnerability VCID-w7x4-tung-wyae
65
vulnerability VCID-wazt-hn99-qkdk
66
vulnerability VCID-wrnm-d19b-hqby
67
vulnerability VCID-ya8k-c5s5-47gx
68
vulnerability VCID-ypfw-xhud-bbfs
69
vulnerability VCID-yuer-yn1w-q3gw
70
vulnerability VCID-yuu2-set7-fuet
71
vulnerability VCID-z7fk-zbvh-quew
72
vulnerability VCID-zgy5-8cgd-gqhm
73
vulnerability VCID-zr7a-tdxv-rqff
74
vulnerability VCID-zr8u-z3r4-cbct
75
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12
3
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-5pkg-j4wg-7fcn
2
vulnerability VCID-6epx-c68d-d7bv
3
vulnerability VCID-86yd-4mkt-hydr
4
vulnerability VCID-a3yc-fxa1-gfhy
5
vulnerability VCID-axxx-gpfn-mqc9
6
vulnerability VCID-kak1-btjp-kqgz
7
vulnerability VCID-kvhv-9fj5-7kgk
8
vulnerability VCID-kw9p-5fbc-hudg
9
vulnerability VCID-qjgf-hxng-j3g9
10
vulnerability VCID-qm38-1cwk-b3hq
11
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-009-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r2k8-fccc-jfc2
13
url VCID-ur9h-h6mw-fbdh
vulnerability_id VCID-ur9h-h6mw-fbdh
summary 
Cross-site Scripting
Form field validation message XSS vulnerability.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2015-026/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2015-026/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.1
purl pkg:composer/silverstripe/framework@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5k79-mfyz-xqhu
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-6j2p-tzvx-9bdj
10
vulnerability VCID-7dk3-gcup-2kc9
11
vulnerability VCID-86yd-4mkt-hydr
12
vulnerability VCID-8wbx-bvm9-jqcv
13
vulnerability VCID-a3yc-fxa1-gfhy
14
vulnerability VCID-ab5z-bqka-xudb
15
vulnerability VCID-ajga-3b99-yugh
16
vulnerability VCID-axxx-gpfn-mqc9
17
vulnerability VCID-bdcq-z11u-zyh5
18
vulnerability VCID-c3vp-kc9a-vkhn
19
vulnerability VCID-cdgj-bdpy-ukak
20
vulnerability VCID-cg3k-vmk4-5kdb
21
vulnerability VCID-dgn7-zmwr-u3c6
22
vulnerability VCID-dx5f-g875-5bct
23
vulnerability VCID-eaqw-9k5p-pybr
24
vulnerability VCID-eddc-w9wx-c3gq
25
vulnerability VCID-enkd-4y44-4ueq
26
vulnerability VCID-fpb7-5pwu-tyg5
27
vulnerability VCID-fyxa-vzeq-ubeq
28
vulnerability VCID-hgkh-tcdc-ufd5
29
vulnerability VCID-j6ze-f76y-cqgy
30
vulnerability VCID-k7bb-y315-4qb6
31
vulnerability VCID-kak1-btjp-kqgz
32
vulnerability VCID-kdyk-rrrr-pufw
33
vulnerability VCID-krjm-ygks-wyct
34
vulnerability VCID-kvhv-9fj5-7kgk
35
vulnerability VCID-kw9p-5fbc-hudg
36
vulnerability VCID-kxa8-dmva-ayff
37
vulnerability VCID-p2kq-rkh6-ayeu
38
vulnerability VCID-p52e-s67u-eya7
39
vulnerability VCID-pq29-qe7h-tkcp
40
vulnerability VCID-qm38-1cwk-b3hq
41
vulnerability VCID-tc2y-zrea-vyb2
42
vulnerability VCID-te88-ws12-3bc8
43
vulnerability VCID-tm1s-2m92-uyh9
44
vulnerability VCID-tuwu-cznx-jqdb
45
vulnerability VCID-u49v-31sv-eqc3
46
vulnerability VCID-wazt-hn99-qkdk
47
vulnerability VCID-wrnm-d19b-hqby
48
vulnerability VCID-ya8k-c5s5-47gx
49
vulnerability VCID-ypfw-xhud-bbfs
50
vulnerability VCID-yuer-yn1w-q3gw
51
vulnerability VCID-z7fk-zbvh-quew
52
vulnerability VCID-zgy5-8cgd-gqhm
53
vulnerability VCID-zr7a-tdxv-rqff
54
vulnerability VCID-zr8u-z3r4-cbct
55
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1
1
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-5pkg-j4wg-7fcn
2
vulnerability VCID-6epx-c68d-d7bv
3
vulnerability VCID-86yd-4mkt-hydr
4
vulnerability VCID-a3yc-fxa1-gfhy
5
vulnerability VCID-axxx-gpfn-mqc9
6
vulnerability VCID-kak1-btjp-kqgz
7
vulnerability VCID-kvhv-9fj5-7kgk
8
vulnerability VCID-kw9p-5fbc-hudg
9
vulnerability VCID-qjgf-hxng-j3g9
10
vulnerability VCID-qm38-1cwk-b3hq
11
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-026-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ur9h-h6mw-fbdh
14
url VCID-xw77-b18v-8kc4
vulnerability_id VCID-xw77-b18v-8kc4
summary 
Reflected XSS in SilverStripe
SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user&amp;#39;s credentials or other sensitive user input.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19325
reference_id
reference_type
scores
0
value 0.00359
scoring_system epss
scoring_elements 0.58139
published_at 2026-04-16T12:55:00Z
1
value 0.00359
scoring_system epss
scoring_elements 0.57999
published_at 2026-04-01T12:55:00Z
2
value 0.00359
scoring_system epss
scoring_elements 0.58083
published_at 2026-04-02T12:55:00Z
3
value 0.00359
scoring_system epss
scoring_elements 0.58104
published_at 2026-04-04T12:55:00Z
4
value 0.00359
scoring_system epss
scoring_elements 0.58079
published_at 2026-04-07T12:55:00Z
5
value 0.00359
scoring_system epss
scoring_elements 0.58133
published_at 2026-04-08T12:55:00Z
6
value 0.00359
scoring_system epss
scoring_elements 0.58137
published_at 2026-04-09T12:55:00Z
7
value 0.00359
scoring_system epss
scoring_elements 0.58153
published_at 2026-04-11T12:55:00Z
8
value 0.00359
scoring_system epss
scoring_elements 0.5813
published_at 2026-04-12T12:55:00Z
9
value 0.00359
scoring_system epss
scoring_elements 0.58109
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19325
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19325.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19325.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/49fda52b12ba59f0a04bcabf78425586a8779e89
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/49fda52b12ba59f0a04bcabf78425586a8779e89
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19325
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19325
4
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-19325
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-19325
5
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-19325/
reference_id CVE-2019-19325
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-19325/
6
reference_url https://github.com/advisories/GHSA-qvrv-2x7x-78x2
reference_id GHSA-qvrv-2x7x-78x2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qvrv-2x7x-78x2
fixed_packages
0
url pkg:composer/silverstripe/framework@4.4.5
purl pkg:composer/silverstripe/framework@4.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-dc9y-v257-6bhf
13
vulnerability VCID-enkd-4y44-4ueq
14
vulnerability VCID-ftdr-uzuh-8ybc
15
vulnerability VCID-fyxa-vzeq-ubeq
16
vulnerability VCID-gme6-wj87-ekfw
17
vulnerability VCID-kak1-btjp-kqgz
18
vulnerability VCID-kd3t-2gzd-q3hq
19
vulnerability VCID-kgm4-g26x-gken
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-qjgf-hxng-j3g9
24
vulnerability VCID-qm38-1cwk-b3hq
25
vulnerability VCID-tc2y-zrea-vyb2
26
vulnerability VCID-ua49-snhx-dqa4
27
vulnerability VCID-w4fh-cpaq-nqat
28
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.5
1
url pkg:composer/silverstripe/framework@4.5.0-alpha1
purl pkg:composer/silverstripe/framework@4.5.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-dc9y-v257-6bhf
13
vulnerability VCID-enkd-4y44-4ueq
14
vulnerability VCID-ftdr-uzuh-8ybc
15
vulnerability VCID-kak1-btjp-kqgz
16
vulnerability VCID-kd3t-2gzd-q3hq
17
vulnerability VCID-kgm4-g26x-gken
18
vulnerability VCID-kvhv-9fj5-7kgk
19
vulnerability VCID-kw9p-5fbc-hudg
20
vulnerability VCID-kxa8-dmva-ayff
21
vulnerability VCID-qjgf-hxng-j3g9
22
vulnerability VCID-qm38-1cwk-b3hq
23
vulnerability VCID-tc2y-zrea-vyb2
24
vulnerability VCID-ua49-snhx-dqa4
25
vulnerability VCID-w4fh-cpaq-nqat
26
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.0-alpha1
2
url pkg:composer/silverstripe/framework@4.5.2
purl pkg:composer/silverstripe/framework@4.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-enkd-4y44-4ueq
13
vulnerability VCID-ftdr-uzuh-8ybc
14
vulnerability VCID-fyxa-vzeq-ubeq
15
vulnerability VCID-gme6-wj87-ekfw
16
vulnerability VCID-kak1-btjp-kqgz
17
vulnerability VCID-kd3t-2gzd-q3hq
18
vulnerability VCID-kgm4-g26x-gken
19
vulnerability VCID-kvhv-9fj5-7kgk
20
vulnerability VCID-kw9p-5fbc-hudg
21
vulnerability VCID-kxa8-dmva-ayff
22
vulnerability VCID-qjgf-hxng-j3g9
23
vulnerability VCID-qm38-1cwk-b3hq
24
vulnerability VCID-tc2y-zrea-vyb2
25
vulnerability VCID-ua49-snhx-dqa4
26
vulnerability VCID-w4fh-cpaq-nqat
27
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.2
3
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-5pkg-j4wg-7fcn
2
vulnerability VCID-6epx-c68d-d7bv
3
vulnerability VCID-86yd-4mkt-hydr
4
vulnerability VCID-a3yc-fxa1-gfhy
5
vulnerability VCID-axxx-gpfn-mqc9
6
vulnerability VCID-kak1-btjp-kqgz
7
vulnerability VCID-kvhv-9fj5-7kgk
8
vulnerability VCID-kw9p-5fbc-hudg
9
vulnerability VCID-qjgf-hxng-j3g9
10
vulnerability VCID-qm38-1cwk-b3hq
11
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases CVE-2019-19325, GHSA-qvrv-2x7x-78x2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xw77-b18v-8kc4
15
url VCID-zr7a-tdxv-rqff
vulnerability_id VCID-zr7a-tdxv-rqff
summary 
Cross-Site Request Forgery (CSRF)
CSRF vulnerability in `GridFieldAddExistingAutocompleter`.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-002/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-002/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.17
purl pkg:composer/silverstripe/framework@3.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-6j2p-tzvx-9bdj
9
vulnerability VCID-7dk3-gcup-2kc9
10
vulnerability VCID-86yd-4mkt-hydr
11
vulnerability VCID-8wbx-bvm9-jqcv
12
vulnerability VCID-a3yc-fxa1-gfhy
13
vulnerability VCID-ab5z-bqka-xudb
14
vulnerability VCID-ajga-3b99-yugh
15
vulnerability VCID-axxx-gpfn-mqc9
16
vulnerability VCID-bdcq-z11u-zyh5
17
vulnerability VCID-c3vp-kc9a-vkhn
18
vulnerability VCID-cdgj-bdpy-ukak
19
vulnerability VCID-cg3k-vmk4-5kdb
20
vulnerability VCID-dgn7-zmwr-u3c6
21
vulnerability VCID-dx5f-g875-5bct
22
vulnerability VCID-eddc-w9wx-c3gq
23
vulnerability VCID-enkd-4y44-4ueq
24
vulnerability VCID-fpb7-5pwu-tyg5
25
vulnerability VCID-fyxa-vzeq-ubeq
26
vulnerability VCID-hgkh-tcdc-ufd5
27
vulnerability VCID-j6ze-f76y-cqgy
28
vulnerability VCID-k7bb-y315-4qb6
29
vulnerability VCID-kak1-btjp-kqgz
30
vulnerability VCID-kdyk-rrrr-pufw
31
vulnerability VCID-kqk7-mdnd-hfc7
32
vulnerability VCID-krjm-ygks-wyct
33
vulnerability VCID-kvhv-9fj5-7kgk
34
vulnerability VCID-kw9p-5fbc-hudg
35
vulnerability VCID-kxa8-dmva-ayff
36
vulnerability VCID-p2kq-rkh6-ayeu
37
vulnerability VCID-p52e-s67u-eya7
38
vulnerability VCID-pq29-qe7h-tkcp
39
vulnerability VCID-qm38-1cwk-b3hq
40
vulnerability VCID-t17w-gcwe-eue4
41
vulnerability VCID-tc2y-zrea-vyb2
42
vulnerability VCID-tm1s-2m92-uyh9
43
vulnerability VCID-tuwu-cznx-jqdb
44
vulnerability VCID-u49v-31sv-eqc3
45
vulnerability VCID-wazt-hn99-qkdk
46
vulnerability VCID-wrnm-d19b-hqby
47
vulnerability VCID-ya8k-c5s5-47gx
48
vulnerability VCID-yuer-yn1w-q3gw
49
vulnerability VCID-z7fk-zbvh-quew
50
vulnerability VCID-zgy5-8cgd-gqhm
51
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17
1
url pkg:composer/silverstripe/framework@3.2.0-beta1
purl pkg:composer/silverstripe/framework@3.2.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3pwx-7wzy-qbdw
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-6j2p-tzvx-9bdj
10
vulnerability VCID-7dk3-gcup-2kc9
11
vulnerability VCID-86yd-4mkt-hydr
12
vulnerability VCID-8wbx-bvm9-jqcv
13
vulnerability VCID-a3yc-fxa1-gfhy
14
vulnerability VCID-ab5z-bqka-xudb
15
vulnerability VCID-ajga-3b99-yugh
16
vulnerability VCID-axxx-gpfn-mqc9
17
vulnerability VCID-bdcq-z11u-zyh5
18
vulnerability VCID-c3vp-kc9a-vkhn
19
vulnerability VCID-cdgj-bdpy-ukak
20
vulnerability VCID-dgn7-zmwr-u3c6
21
vulnerability VCID-dq8q-6agw-g3d5
22
vulnerability VCID-dx5f-g875-5bct
23
vulnerability VCID-eddc-w9wx-c3gq
24
vulnerability VCID-enkd-4y44-4ueq
25
vulnerability VCID-fpb7-5pwu-tyg5
26
vulnerability VCID-fyxa-vzeq-ubeq
27
vulnerability VCID-hgkh-tcdc-ufd5
28
vulnerability VCID-j6ze-f76y-cqgy
29
vulnerability VCID-k7bb-y315-4qb6
30
vulnerability VCID-kak1-btjp-kqgz
31
vulnerability VCID-kdyk-rrrr-pufw
32
vulnerability VCID-kvhv-9fj5-7kgk
33
vulnerability VCID-kw9p-5fbc-hudg
34
vulnerability VCID-kxa8-dmva-ayff
35
vulnerability VCID-p2kq-rkh6-ayeu
36
vulnerability VCID-p52e-s67u-eya7
37
vulnerability VCID-pq29-qe7h-tkcp
38
vulnerability VCID-qm38-1cwk-b3hq
39
vulnerability VCID-t17w-gcwe-eue4
40
vulnerability VCID-tc2y-zrea-vyb2
41
vulnerability VCID-tm1s-2m92-uyh9
42
vulnerability VCID-tuwu-cznx-jqdb
43
vulnerability VCID-u49v-31sv-eqc3
44
vulnerability VCID-ur9h-h6mw-fbdh
45
vulnerability VCID-wazt-hn99-qkdk
46
vulnerability VCID-wrnm-d19b-hqby
47
vulnerability VCID-ya8k-c5s5-47gx
48
vulnerability VCID-yuer-yn1w-q3gw
49
vulnerability VCID-z7fk-zbvh-quew
50
vulnerability VCID-zgy5-8cgd-gqhm
51
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1
2
url pkg:composer/silverstripe/framework@3.3.0
purl pkg:composer/silverstripe/framework@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-6j2p-tzvx-9bdj
9
vulnerability VCID-7dk3-gcup-2kc9
10
vulnerability VCID-86yd-4mkt-hydr
11
vulnerability VCID-8wbx-bvm9-jqcv
12
vulnerability VCID-a3yc-fxa1-gfhy
13
vulnerability VCID-ab5z-bqka-xudb
14
vulnerability VCID-ajga-3b99-yugh
15
vulnerability VCID-axxx-gpfn-mqc9
16
vulnerability VCID-bdcq-z11u-zyh5
17
vulnerability VCID-c3vp-kc9a-vkhn
18
vulnerability VCID-cdgj-bdpy-ukak
19
vulnerability VCID-cg3k-vmk4-5kdb
20
vulnerability VCID-dgn7-zmwr-u3c6
21
vulnerability VCID-dx5f-g875-5bct
22
vulnerability VCID-eddc-w9wx-c3gq
23
vulnerability VCID-enkd-4y44-4ueq
24
vulnerability VCID-fpb7-5pwu-tyg5
25
vulnerability VCID-fyxa-vzeq-ubeq
26
vulnerability VCID-hgkh-tcdc-ufd5
27
vulnerability VCID-j6ze-f76y-cqgy
28
vulnerability VCID-k7bb-y315-4qb6
29
vulnerability VCID-kak1-btjp-kqgz
30
vulnerability VCID-kdyk-rrrr-pufw
31
vulnerability VCID-krjm-ygks-wyct
32
vulnerability VCID-kvhv-9fj5-7kgk
33
vulnerability VCID-kw9p-5fbc-hudg
34
vulnerability VCID-kxa8-dmva-ayff
35
vulnerability VCID-p2kq-rkh6-ayeu
36
vulnerability VCID-p52e-s67u-eya7
37
vulnerability VCID-pq29-qe7h-tkcp
38
vulnerability VCID-qm38-1cwk-b3hq
39
vulnerability VCID-tc2y-zrea-vyb2
40
vulnerability VCID-tm1s-2m92-uyh9
41
vulnerability VCID-tuwu-cznx-jqdb
42
vulnerability VCID-u49v-31sv-eqc3
43
vulnerability VCID-vtva-utdn-jkce
44
vulnerability VCID-wazt-hn99-qkdk
45
vulnerability VCID-wrnm-d19b-hqby
46
vulnerability VCID-ya8k-c5s5-47gx
47
vulnerability VCID-yuer-yn1w-q3gw
48
vulnerability VCID-z7fk-zbvh-quew
49
vulnerability VCID-zgy5-8cgd-gqhm
50
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0
3
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-5pkg-j4wg-7fcn
2
vulnerability VCID-6epx-c68d-d7bv
3
vulnerability VCID-86yd-4mkt-hydr
4
vulnerability VCID-a3yc-fxa1-gfhy
5
vulnerability VCID-axxx-gpfn-mqc9
6
vulnerability VCID-kak1-btjp-kqgz
7
vulnerability VCID-kvhv-9fj5-7kgk
8
vulnerability VCID-kw9p-5fbc-hudg
9
vulnerability VCID-qjgf-hxng-j3g9
10
vulnerability VCID-qm38-1cwk-b3hq
11
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2016-002-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zr7a-tdxv-rqff
16
url VCID-zr8u-z3r4-cbct
vulnerability_id VCID-zr8u-z3r4-cbct
summary 
Improper Authentication
'Missing security check on `dev/build/defaults`.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2015-028/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2015-028/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.17
purl pkg:composer/silverstripe/framework@3.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-6j2p-tzvx-9bdj
9
vulnerability VCID-7dk3-gcup-2kc9
10
vulnerability VCID-86yd-4mkt-hydr
11
vulnerability VCID-8wbx-bvm9-jqcv
12
vulnerability VCID-a3yc-fxa1-gfhy
13
vulnerability VCID-ab5z-bqka-xudb
14
vulnerability VCID-ajga-3b99-yugh
15
vulnerability VCID-axxx-gpfn-mqc9
16
vulnerability VCID-bdcq-z11u-zyh5
17
vulnerability VCID-c3vp-kc9a-vkhn
18
vulnerability VCID-cdgj-bdpy-ukak
19
vulnerability VCID-cg3k-vmk4-5kdb
20
vulnerability VCID-dgn7-zmwr-u3c6
21
vulnerability VCID-dx5f-g875-5bct
22
vulnerability VCID-eddc-w9wx-c3gq
23
vulnerability VCID-enkd-4y44-4ueq
24
vulnerability VCID-fpb7-5pwu-tyg5
25
vulnerability VCID-fyxa-vzeq-ubeq
26
vulnerability VCID-hgkh-tcdc-ufd5
27
vulnerability VCID-j6ze-f76y-cqgy
28
vulnerability VCID-k7bb-y315-4qb6
29
vulnerability VCID-kak1-btjp-kqgz
30
vulnerability VCID-kdyk-rrrr-pufw
31
vulnerability VCID-kqk7-mdnd-hfc7
32
vulnerability VCID-krjm-ygks-wyct
33
vulnerability VCID-kvhv-9fj5-7kgk
34
vulnerability VCID-kw9p-5fbc-hudg
35
vulnerability VCID-kxa8-dmva-ayff
36
vulnerability VCID-p2kq-rkh6-ayeu
37
vulnerability VCID-p52e-s67u-eya7
38
vulnerability VCID-pq29-qe7h-tkcp
39
vulnerability VCID-qm38-1cwk-b3hq
40
vulnerability VCID-t17w-gcwe-eue4
41
vulnerability VCID-tc2y-zrea-vyb2
42
vulnerability VCID-tm1s-2m92-uyh9
43
vulnerability VCID-tuwu-cznx-jqdb
44
vulnerability VCID-u49v-31sv-eqc3
45
vulnerability VCID-wazt-hn99-qkdk
46
vulnerability VCID-wrnm-d19b-hqby
47
vulnerability VCID-ya8k-c5s5-47gx
48
vulnerability VCID-yuer-yn1w-q3gw
49
vulnerability VCID-z7fk-zbvh-quew
50
vulnerability VCID-zgy5-8cgd-gqhm
51
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17
1
url pkg:composer/silverstripe/framework@3.2.0-beta1
purl pkg:composer/silverstripe/framework@3.2.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3pwx-7wzy-qbdw
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-6j2p-tzvx-9bdj
10
vulnerability VCID-7dk3-gcup-2kc9
11
vulnerability VCID-86yd-4mkt-hydr
12
vulnerability VCID-8wbx-bvm9-jqcv
13
vulnerability VCID-a3yc-fxa1-gfhy
14
vulnerability VCID-ab5z-bqka-xudb
15
vulnerability VCID-ajga-3b99-yugh
16
vulnerability VCID-axxx-gpfn-mqc9
17
vulnerability VCID-bdcq-z11u-zyh5
18
vulnerability VCID-c3vp-kc9a-vkhn
19
vulnerability VCID-cdgj-bdpy-ukak
20
vulnerability VCID-dgn7-zmwr-u3c6
21
vulnerability VCID-dq8q-6agw-g3d5
22
vulnerability VCID-dx5f-g875-5bct
23
vulnerability VCID-eddc-w9wx-c3gq
24
vulnerability VCID-enkd-4y44-4ueq
25
vulnerability VCID-fpb7-5pwu-tyg5
26
vulnerability VCID-fyxa-vzeq-ubeq
27
vulnerability VCID-hgkh-tcdc-ufd5
28
vulnerability VCID-j6ze-f76y-cqgy
29
vulnerability VCID-k7bb-y315-4qb6
30
vulnerability VCID-kak1-btjp-kqgz
31
vulnerability VCID-kdyk-rrrr-pufw
32
vulnerability VCID-kvhv-9fj5-7kgk
33
vulnerability VCID-kw9p-5fbc-hudg
34
vulnerability VCID-kxa8-dmva-ayff
35
vulnerability VCID-p2kq-rkh6-ayeu
36
vulnerability VCID-p52e-s67u-eya7
37
vulnerability VCID-pq29-qe7h-tkcp
38
vulnerability VCID-qm38-1cwk-b3hq
39
vulnerability VCID-t17w-gcwe-eue4
40
vulnerability VCID-tc2y-zrea-vyb2
41
vulnerability VCID-tm1s-2m92-uyh9
42
vulnerability VCID-tuwu-cznx-jqdb
43
vulnerability VCID-u49v-31sv-eqc3
44
vulnerability VCID-ur9h-h6mw-fbdh
45
vulnerability VCID-wazt-hn99-qkdk
46
vulnerability VCID-wrnm-d19b-hqby
47
vulnerability VCID-ya8k-c5s5-47gx
48
vulnerability VCID-yuer-yn1w-q3gw
49
vulnerability VCID-z7fk-zbvh-quew
50
vulnerability VCID-zgy5-8cgd-gqhm
51
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1
2
url pkg:composer/silverstripe/framework@3.3.0
purl pkg:composer/silverstripe/framework@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-414d-7bfm-kud7
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-6j2p-tzvx-9bdj
9
vulnerability VCID-7dk3-gcup-2kc9
10
vulnerability VCID-86yd-4mkt-hydr
11
vulnerability VCID-8wbx-bvm9-jqcv
12
vulnerability VCID-a3yc-fxa1-gfhy
13
vulnerability VCID-ab5z-bqka-xudb
14
vulnerability VCID-ajga-3b99-yugh
15
vulnerability VCID-axxx-gpfn-mqc9
16
vulnerability VCID-bdcq-z11u-zyh5
17
vulnerability VCID-c3vp-kc9a-vkhn
18
vulnerability VCID-cdgj-bdpy-ukak
19
vulnerability VCID-cg3k-vmk4-5kdb
20
vulnerability VCID-dgn7-zmwr-u3c6
21
vulnerability VCID-dx5f-g875-5bct
22
vulnerability VCID-eddc-w9wx-c3gq
23
vulnerability VCID-enkd-4y44-4ueq
24
vulnerability VCID-fpb7-5pwu-tyg5
25
vulnerability VCID-fyxa-vzeq-ubeq
26
vulnerability VCID-hgkh-tcdc-ufd5
27
vulnerability VCID-j6ze-f76y-cqgy
28
vulnerability VCID-k7bb-y315-4qb6
29
vulnerability VCID-kak1-btjp-kqgz
30
vulnerability VCID-kdyk-rrrr-pufw
31
vulnerability VCID-krjm-ygks-wyct
32
vulnerability VCID-kvhv-9fj5-7kgk
33
vulnerability VCID-kw9p-5fbc-hudg
34
vulnerability VCID-kxa8-dmva-ayff
35
vulnerability VCID-p2kq-rkh6-ayeu
36
vulnerability VCID-p52e-s67u-eya7
37
vulnerability VCID-pq29-qe7h-tkcp
38
vulnerability VCID-qm38-1cwk-b3hq
39
vulnerability VCID-tc2y-zrea-vyb2
40
vulnerability VCID-tm1s-2m92-uyh9
41
vulnerability VCID-tuwu-cznx-jqdb
42
vulnerability VCID-u49v-31sv-eqc3
43
vulnerability VCID-vtva-utdn-jkce
44
vulnerability VCID-wazt-hn99-qkdk
45
vulnerability VCID-wrnm-d19b-hqby
46
vulnerability VCID-ya8k-c5s5-47gx
47
vulnerability VCID-yuer-yn1w-q3gw
48
vulnerability VCID-z7fk-zbvh-quew
49
vulnerability VCID-zgy5-8cgd-gqhm
50
vulnerability VCID-zxmh-xcvd-53fe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0
3
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-5pkg-j4wg-7fcn
2
vulnerability VCID-6epx-c68d-d7bv
3
vulnerability VCID-86yd-4mkt-hydr
4
vulnerability VCID-a3yc-fxa1-gfhy
5
vulnerability VCID-axxx-gpfn-mqc9
6
vulnerability VCID-kak1-btjp-kqgz
7
vulnerability VCID-kvhv-9fj5-7kgk
8
vulnerability VCID-kw9p-5fbc-hudg
9
vulnerability VCID-qjgf-hxng-j3g9
10
vulnerability VCID-qm38-1cwk-b3hq
11
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-028-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zr8u-z3r4-cbct
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1