Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/silverstripe/cms@4.2.3
Typecomposer
Namespacesilverstripe
Namecms
Version4.2.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.11.3
Latest_non_vulnerable_version4.11.3
Affected_by_vulnerabilities
0
url VCID-2f9j-ek3x-kbc5
vulnerability_id VCID-2f9j-ek3x-kbc5
summary 
Silverstripe CMS XSS Vulnerability
In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9311
reference_id
reference_type
scores
0
value 0.00343
scoring_system epss
scoring_elements 0.56963
published_at 2026-04-16T12:55:00Z
1
value 0.00343
scoring_system epss
scoring_elements 0.56823
published_at 2026-04-01T12:55:00Z
2
value 0.00343
scoring_system epss
scoring_elements 0.56917
published_at 2026-04-02T12:55:00Z
3
value 0.00343
scoring_system epss
scoring_elements 0.56939
published_at 2026-04-04T12:55:00Z
4
value 0.00343
scoring_system epss
scoring_elements 0.56914
published_at 2026-04-07T12:55:00Z
5
value 0.00343
scoring_system epss
scoring_elements 0.56966
published_at 2026-04-08T12:55:00Z
6
value 0.00343
scoring_system epss
scoring_elements 0.56969
published_at 2026-04-09T12:55:00Z
7
value 0.00343
scoring_system epss
scoring_elements 0.56977
published_at 2026-04-11T12:55:00Z
8
value 0.00343
scoring_system epss
scoring_elements 0.56957
published_at 2026-04-12T12:55:00Z
9
value 0.00343
scoring_system epss
scoring_elements 0.56934
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9311
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml
2
reference_url https://github.com/silverstripe/silverstripe-cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-cms
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9311
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9311
4
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-9311
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2020-9311
5
reference_url https://www.silverstripe.org/download/security-releases/CVE-2020-9311
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2020-9311
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-9311/
reference_id CVE-2020-9311
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2020-9311/
7
reference_url https://github.com/advisories/GHSA-2pw2-qpcp-m47x
reference_id GHSA-2pw2-qpcp-m47x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2pw2-qpcp-m47x
fixed_packages
0
url pkg:composer/silverstripe/cms@4.5.1
purl pkg:composer/silverstripe/cms@4.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4x32-t75c-u3bj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.5.1
aliases CVE-2020-9311, GHSA-2pw2-qpcp-m47x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2f9j-ek3x-kbc5
1
url VCID-4x32-t75c-u3bj
vulnerability_id VCID-4x32-t75c-u3bj
summary 
Silverstipe CMS Stored XSS in custom meta tags
A malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut.
This requires CMS access to exploit.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-37421
reference_id
reference_type
scores
0
value 0.00322
scoring_system epss
scoring_elements 0.55208
published_at 2026-04-02T12:55:00Z
1
value 0.00322
scoring_system epss
scoring_elements 0.55271
published_at 2026-04-16T12:55:00Z
2
value 0.00322
scoring_system epss
scoring_elements 0.55233
published_at 2026-04-13T12:55:00Z
3
value 0.00322
scoring_system epss
scoring_elements 0.55251
published_at 2026-04-12T12:55:00Z
4
value 0.00322
scoring_system epss
scoring_elements 0.55272
published_at 2026-04-11T12:55:00Z
5
value 0.00322
scoring_system epss
scoring_elements 0.55232
published_at 2026-04-04T12:55:00Z
6
value 0.00322
scoring_system epss
scoring_elements 0.5526
published_at 2026-04-09T12:55:00Z
7
value 0.00322
scoring_system epss
scoring_elements 0.55259
published_at 2026-04-08T12:55:00Z
8
value 0.00322
scoring_system epss
scoring_elements 0.5521
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-37421
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-37421
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-37421
4
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/
url https://www.silverstripe.org/blog/tag/release
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2022-37421
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2022-37421
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2022-37421
reference_id CVE-2022-37421
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/
url https://www.silverstripe.org/download/security-releases/CVE-2022-37421
9
reference_url https://github.com/advisories/GHSA-pp74-g2q5-j4jf
reference_id GHSA-pp74-g2q5-j4jf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pp74-g2q5-j4jf
fixed_packages
0
url pkg:composer/silverstripe/cms@4.11.3
purl pkg:composer/silverstripe/cms@4.11.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.11.3
aliases CVE-2022-37421, GHSA-pp74-g2q5-j4jf, GMS-2022-6855
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4x32-t75c-u3bj
2
url VCID-658d-vmwt-f7e8
vulnerability_id VCID-658d-vmwt-f7e8
summary 
Missing warning can lead to unauthenticated admin access in SilverStripe
In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12204
reference_id
reference_type
scores
0
value 0.00832
scoring_system epss
scoring_elements 0.74522
published_at 2026-04-01T12:55:00Z
1
value 0.00832
scoring_system epss
scoring_elements 0.74607
published_at 2026-04-16T12:55:00Z
2
value 0.00832
scoring_system epss
scoring_elements 0.74598
published_at 2026-04-11T12:55:00Z
3
value 0.00832
scoring_system epss
scoring_elements 0.74575
published_at 2026-04-09T12:55:00Z
4
value 0.00832
scoring_system epss
scoring_elements 0.74559
published_at 2026-04-08T12:55:00Z
5
value 0.00832
scoring_system epss
scoring_elements 0.74527
published_at 2026-04-07T12:55:00Z
6
value 0.00832
scoring_system epss
scoring_elements 0.74553
published_at 2026-04-04T12:55:00Z
7
value 0.00832
scoring_system epss
scoring_elements 0.74526
published_at 2026-04-02T12:55:00Z
8
value 0.00832
scoring_system epss
scoring_elements 0.7457
published_at 2026-04-13T12:55:00Z
9
value 0.00832
scoring_system epss
scoring_elements 0.74578
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12204
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12204.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12204.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12204
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12204
4
reference_url https://packagist.org/packages/silverstripe/cms
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/silverstripe/cms
5
reference_url https://packagist.org/packages/silverstripe/framework
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/silverstripe/framework
6
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
7
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
8
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12204
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12204
9
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12204
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12204
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
11
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12204/
reference_id CVE-2019-12204
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-12204/
12
reference_url https://github.com/advisories/GHSA-cg8j-8w52-735v
reference_id GHSA-cg8j-8w52-735v
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cg8j-8w52-735v
fixed_packages
0
url pkg:composer/silverstripe/cms@4.3.6
purl pkg:composer/silverstripe/cms@4.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.3.6
1
url pkg:composer/silverstripe/cms@4.4.0-rc1
purl pkg:composer/silverstripe/cms@4.4.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-4x32-t75c-u3bj
2
vulnerability VCID-g366-c4n9-vfcs
3
vulnerability VCID-gme6-wj87-ekfw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.4.0-rc1
2
url pkg:composer/silverstripe/cms@4.4.4
purl pkg:composer/silverstripe/cms@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-4x32-t75c-u3bj
2
vulnerability VCID-g366-c4n9-vfcs
3
vulnerability VCID-gme6-wj87-ekfw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.4.4
aliases CVE-2019-12204, GHSA-cg8j-8w52-735v
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-658d-vmwt-f7e8
3
url VCID-g366-c4n9-vfcs
vulnerability_id VCID-g366-c4n9-vfcs
summary 
Silverstripe CMS malicious file upload enables script execution
Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Uploads stored as protected or draft files are allowed by default for authorised users only, but can also be enabled through custom logic as well as modules such as silverstripe/userforms. Sites using the previously optional silverstripe/mimevalidator module can configure MIME whitelists rather than extension whitelists, and hence prevent this issue. Sites on the Common Web Platform (CWP) use this module by default, and are not affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9309
reference_id
reference_type
scores
0
value 0.00727
scoring_system epss
scoring_elements 0.72586
published_at 2026-04-04T12:55:00Z
1
value 0.00727
scoring_system epss
scoring_elements 0.7265
published_at 2026-04-16T12:55:00Z
2
value 0.00727
scoring_system epss
scoring_elements 0.72608
published_at 2026-04-13T12:55:00Z
3
value 0.00727
scoring_system epss
scoring_elements 0.72618
published_at 2026-04-12T12:55:00Z
4
value 0.00727
scoring_system epss
scoring_elements 0.72635
published_at 2026-04-11T12:55:00Z
5
value 0.00727
scoring_system epss
scoring_elements 0.72612
published_at 2026-04-09T12:55:00Z
6
value 0.00727
scoring_system epss
scoring_elements 0.72562
published_at 2026-04-07T12:55:00Z
7
value 0.00727
scoring_system epss
scoring_elements 0.72569
published_at 2026-04-02T12:55:00Z
8
value 0.00727
scoring_system epss
scoring_elements 0.726
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9309
1
reference_url https://github.com/silverstripe/silverstripe-cms
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-cms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9309
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9309
3
reference_url https://www.silverstripe.org/download/security-releases/CVE-2020-9309
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2020-9309
4
reference_url https://github.com/advisories/GHSA-h77w-655f-6j3m
reference_id GHSA-h77w-655f-6j3m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h77w-655f-6j3m
fixed_packages
0
url pkg:composer/silverstripe/cms@4.5.1
purl pkg:composer/silverstripe/cms@4.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4x32-t75c-u3bj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.5.1
aliases CVE-2020-9309, GHSA-h77w-655f-6j3m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g366-c4n9-vfcs
4
url VCID-gme6-wj87-ekfw
vulnerability_id VCID-gme6-wj87-ekfw
summary 
Silverstripe CMS information disclosure
In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side-effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-6164
reference_id
reference_type
scores
0
value 0.00703
scoring_system epss
scoring_elements 0.72027
published_at 2026-04-07T12:55:00Z
1
value 0.00703
scoring_system epss
scoring_elements 0.72107
published_at 2026-04-16T12:55:00Z
2
value 0.00703
scoring_system epss
scoring_elements 0.72066
published_at 2026-04-13T12:55:00Z
3
value 0.00703
scoring_system epss
scoring_elements 0.72082
published_at 2026-04-12T12:55:00Z
4
value 0.00703
scoring_system epss
scoring_elements 0.72099
published_at 2026-04-11T12:55:00Z
5
value 0.00703
scoring_system epss
scoring_elements 0.72076
published_at 2026-04-09T12:55:00Z
6
value 0.00703
scoring_system epss
scoring_elements 0.72063
published_at 2026-04-08T12:55:00Z
7
value 0.00703
scoring_system epss
scoring_elements 0.7203
published_at 2026-04-02T12:55:00Z
8
value 0.00703
scoring_system epss
scoring_elements 0.72024
published_at 2026-04-01T12:55:00Z
9
value 0.00703
scoring_system epss
scoring_elements 0.7205
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-6164
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-6164.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-6164.yaml
2
reference_url https://github.com/silverstripe/silverstripe-cms
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-cms
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/91d30db88f68b9b87980ef9a59e208a81980b72c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/91d30db88f68b9b87980ef9a59e208a81980b72c
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/cce2b1630937895aa28c2914837651e7cd56d74b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/cce2b1630937895aa28c2914837651e7cd56d74b
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-6164
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-6164
6
reference_url https://www.silverstripe.org/download/security-releases/CVE-2020-6164
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2020-6164
7
reference_url https://github.com/advisories/GHSA-gm5x-hpmw-xpxg
reference_id GHSA-gm5x-hpmw-xpxg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gm5x-hpmw-xpxg
fixed_packages
0
url pkg:composer/silverstripe/cms@4.5.1
purl pkg:composer/silverstripe/cms@4.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4x32-t75c-u3bj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.5.1
aliases CVE-2020-6164, GHSA-gm5x-hpmw-xpxg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gme6-wj87-ekfw
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/cms@4.2.3