| 0 |
| url |
VCID-2s8q-qgpm-cqh7 |
| vulnerability_id |
VCID-2s8q-qgpm-cqh7 |
| summary |
Unrestricted Upload of File with Dangerous Type
Silverstripe CMS can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-9309, GHSA-h77w-655f-6j3m
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2s8q-qgpm-cqh7 |
|
| 1 |
| url |
VCID-3x46-q9cb-7ubg |
| vulnerability_id |
VCID-3x46-q9cb-7ubg |
| summary |
Information Exposure
Response discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-12849, GHSA-fwhr-g5r4-xgxf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3x46-q9cb-7ubg |
|
| 2 |
| url |
VCID-b95v-49p7-fkas |
| vulnerability_id |
VCID-b95v-49p7-fkas |
| summary |
Cross-site Scripting
SilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-14498, GHSA-j696-6m57-mcrv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b95v-49p7-fkas |
|
| 3 |
|
| 4 |
| url |
VCID-efqa-bbj4-zyhd |
| vulnerability_id |
VCID-efqa-bbj4-zyhd |
| summary |
Advanced workflow member field exposure
By default, the CMS Admin editable template for the NotifyUsers action has access to a large number of fields, including (for instance) `Member#Password`. This would allow a malicious CMS Admin to extract other admin passwords by adding a template emailing these fields to themselves when other admins trigger the workflow. A new configuration option has been added; when this option is set to `true` via the Config API then only member fields specified via `Member.summary_fields` may be accessed. |
| references |
|
| fixed_packages |
|
| aliases |
SS-2015-023
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-efqa-bbj4-zyhd |
|
| 5 |
| url |
VCID-kta3-uez1-xkd9 |
| vulnerability_id |
VCID-kta3-uez1-xkd9 |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2015-8606, GHSA-gvc8-xjfp-6569
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kta3-uez1-xkd9 |
|
| 6 |
|
| 7 |
| url |
VCID-sfyd-qn7r-eqdg |
| vulnerability_id |
VCID-sfyd-qn7r-eqdg |
| summary |
Silverstripe CMS Open Redirect
Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2015-5062, GHSA-fh35-p8ph-p545
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sfyd-qn7r-eqdg |
|
| 8 |
| url |
VCID-umhc-fdfh-1fdx |
| vulnerability_id |
VCID-umhc-fdfh-1fdx |
| summary |
Cross-site Scripting
In SilverStripe, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-9311, GHSA-2pw2-qpcp-m47x
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-umhc-fdfh-1fdx |
|
| 9 |
| url |
VCID-ytbc-8mhd-b3fc |
| vulnerability_id |
VCID-ytbc-8mhd-b3fc |
| summary |
Information Exposure
In SilverStripe, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page). |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-6164, GHSA-gm5x-hpmw-xpxg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ytbc-8mhd-b3fc |
|
| 10 |
| url |
VCID-z94y-nz4f-y7er |
| vulnerability_id |
VCID-z94y-nz4f-y7er |
| summary |
Improper Privilege Management
In SilverStripe, a missing warning about leaving `install.php` in a public webroot can lead to unauthenticated admin access. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12204, GHSA-cg8j-8w52-735v
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z94y-nz4f-y7er |
|