Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/silverstripe/framework@3.0.8
Typecomposer
Namespacesilverstripe
Nameframework
Version3.0.8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.13.39
Latest_non_vulnerable_version5.3.23
Affected_by_vulnerabilities
0
url VCID-1mmc-91gk-r3d3
vulnerability_id VCID-1mmc-91gk-r3d3
summary SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-5715
reference_id
reference_type
scores
0
value 0.00322
scoring_system epss
scoring_elements 0.55605
published_at 2026-06-05T12:55:00Z
1
value 0.00322
scoring_system epss
scoring_elements 0.55549
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-5715
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/issues/8814
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/issues/8814
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-5715
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-5715
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/ss-2018-021
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2018-021
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.7
purl pkg:composer/silverstripe/framework@3.6.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-9y5u-qyzd-3ud9
3
vulnerability VCID-a7cf-kpzy-xudd
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-gnpw-s9hp-wqfs
7
vulnerability VCID-hcuz-gz3w-97ew
8
vulnerability VCID-mkex-ht2r-cucz
9
vulnerability VCID-n4fk-735u-2baw
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-pkve-yjqy-syc2
12
vulnerability VCID-qmfy-dxag-uuex
13
vulnerability VCID-r1eg-dwej-5kau
14
vulnerability VCID-tv7h-289s-xub4
15
vulnerability VCID-u9e7-1zhg-mygt
16
vulnerability VCID-umhc-fdfh-1fdx
17
vulnerability VCID-uy47-3s8a-hbdn
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xg74-3h1h-kqaf
20
vulnerability VCID-y8et-m846-2fc6
21
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7
1
url pkg:composer/silverstripe/framework@3.7.3
purl pkg:composer/silverstripe/framework@3.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-9y5u-qyzd-3ud9
3
vulnerability VCID-a7cf-kpzy-xudd
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-gnpw-s9hp-wqfs
7
vulnerability VCID-hcuz-gz3w-97ew
8
vulnerability VCID-mkex-ht2r-cucz
9
vulnerability VCID-n4fk-735u-2baw
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-pkve-yjqy-syc2
12
vulnerability VCID-qmfy-dxag-uuex
13
vulnerability VCID-r1eg-dwej-5kau
14
vulnerability VCID-tv7h-289s-xub4
15
vulnerability VCID-umhc-fdfh-1fdx
16
vulnerability VCID-uy47-3s8a-hbdn
17
vulnerability VCID-wgdv-etcq-3qhw
18
vulnerability VCID-xg74-3h1h-kqaf
19
vulnerability VCID-y8et-m846-2fc6
20
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3
2
url pkg:composer/silverstripe/framework@4.0.7
purl pkg:composer/silverstripe/framework@4.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-ca4q-xd4v-vqfe
9
vulnerability VCID-cmwn-cjff-9qau
10
vulnerability VCID-fmfu-81xu-pfdy
11
vulnerability VCID-gnpw-s9hp-wqfs
12
vulnerability VCID-hcuz-gz3w-97ew
13
vulnerability VCID-n4fk-735u-2baw
14
vulnerability VCID-nute-ndg2-z7ev
15
vulnerability VCID-nzcm-xbxx-wyf9
16
vulnerability VCID-pkve-yjqy-syc2
17
vulnerability VCID-qmfy-dxag-uuex
18
vulnerability VCID-r1eg-dwej-5kau
19
vulnerability VCID-ru3j-21j8-ayhm
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-uy47-3s8a-hbdn
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-xm4q-u96p-57dd
25
vulnerability VCID-y8et-m846-2fc6
26
vulnerability VCID-ytbc-8mhd-b3fc
27
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7
3
url pkg:composer/silverstripe/framework@4.1.5
purl pkg:composer/silverstripe/framework@4.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-ca4q-xd4v-vqfe
9
vulnerability VCID-cmwn-cjff-9qau
10
vulnerability VCID-fmfu-81xu-pfdy
11
vulnerability VCID-gnpw-s9hp-wqfs
12
vulnerability VCID-hcuz-gz3w-97ew
13
vulnerability VCID-n4fk-735u-2baw
14
vulnerability VCID-nute-ndg2-z7ev
15
vulnerability VCID-nzcm-xbxx-wyf9
16
vulnerability VCID-pkve-yjqy-syc2
17
vulnerability VCID-qmfy-dxag-uuex
18
vulnerability VCID-r1eg-dwej-5kau
19
vulnerability VCID-ru3j-21j8-ayhm
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-uy47-3s8a-hbdn
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-xm4q-u96p-57dd
25
vulnerability VCID-y8et-m846-2fc6
26
vulnerability VCID-ytbc-8mhd-b3fc
27
vulnerability VCID-z94y-nz4f-y7er
28
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5
4
url pkg:composer/silverstripe/framework@4.2.4
purl pkg:composer/silverstripe/framework@4.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-ca4q-xd4v-vqfe
9
vulnerability VCID-cmwn-cjff-9qau
10
vulnerability VCID-fmfu-81xu-pfdy
11
vulnerability VCID-gnpw-s9hp-wqfs
12
vulnerability VCID-hcuz-gz3w-97ew
13
vulnerability VCID-n4fk-735u-2baw
14
vulnerability VCID-nute-ndg2-z7ev
15
vulnerability VCID-nzcm-xbxx-wyf9
16
vulnerability VCID-pkve-yjqy-syc2
17
vulnerability VCID-qmfy-dxag-uuex
18
vulnerability VCID-r1eg-dwej-5kau
19
vulnerability VCID-ru3j-21j8-ayhm
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-uy47-3s8a-hbdn
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-xm4q-u96p-57dd
25
vulnerability VCID-y8et-m846-2fc6
26
vulnerability VCID-ytbc-8mhd-b3fc
27
vulnerability VCID-z94y-nz4f-y7er
28
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4
5
url pkg:composer/silverstripe/framework@4.3.1
purl pkg:composer/silverstripe/framework@4.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-ca4q-xd4v-vqfe
9
vulnerability VCID-cmwn-cjff-9qau
10
vulnerability VCID-fmfu-81xu-pfdy
11
vulnerability VCID-gnpw-s9hp-wqfs
12
vulnerability VCID-hcuz-gz3w-97ew
13
vulnerability VCID-n4fk-735u-2baw
14
vulnerability VCID-nute-ndg2-z7ev
15
vulnerability VCID-nzcm-xbxx-wyf9
16
vulnerability VCID-pkve-yjqy-syc2
17
vulnerability VCID-qmfy-dxag-uuex
18
vulnerability VCID-r1eg-dwej-5kau
19
vulnerability VCID-ru3j-21j8-ayhm
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-uy47-3s8a-hbdn
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-xm4q-u96p-57dd
25
vulnerability VCID-y8et-m846-2fc6
26
vulnerability VCID-ytbc-8mhd-b3fc
27
vulnerability VCID-z94y-nz4f-y7er
28
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1
aliases CVE-2019-5715, GHSA-wvfw-w3x6-g526
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1mmc-91gk-r3d3
1
url VCID-1p79-328x-sueq
vulnerability_id VCID-1p79-328x-sueq
summary 
Quadratic blowup in Convert::xml2array()
Silverstripe silverstripe/framework 4.x until 4.10.9 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41559
reference_id
reference_type
scores
0
value 0.00348
scoring_system epss
scoring_elements 0.57671
published_at 2026-06-05T12:55:00Z
1
value 0.00348
scoring_system epss
scoring_elements 0.57619
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41559
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework/releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/releases
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41559
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41559
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2021-41559
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2021-41559
7
reference_url https://github.com/advisories/GHSA-9fmg-89fx-r33w
reference_id GHSA-9fmg-89fx-r33w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9fmg-89fx-r33w
fixed_packages
0
url pkg:composer/silverstripe/framework@4.10.9
purl pkg:composer/silverstripe/framework@4.10.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7gak-15m5-j3f5
1
vulnerability VCID-7w7t-3783-1kbs
2
vulnerability VCID-9t4k-8hsz-bfdw
3
vulnerability VCID-9y5u-qyzd-3ud9
4
vulnerability VCID-a7cf-kpzy-xudd
5
vulnerability VCID-ca4q-xd4v-vqfe
6
vulnerability VCID-gnpw-s9hp-wqfs
7
vulnerability VCID-uy47-3s8a-hbdn
8
vulnerability VCID-xm4q-u96p-57dd
9
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.9
1
url pkg:composer/silverstripe/framework@4.11.0-beta1
purl pkg:composer/silverstripe/framework@4.11.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7w7t-3783-1kbs
1
vulnerability VCID-9t4k-8hsz-bfdw
2
vulnerability VCID-9y5u-qyzd-3ud9
3
vulnerability VCID-a7cf-kpzy-xudd
4
vulnerability VCID-ca4q-xd4v-vqfe
5
vulnerability VCID-gnpw-s9hp-wqfs
6
vulnerability VCID-uy47-3s8a-hbdn
7
vulnerability VCID-xm4q-u96p-57dd
8
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.0-beta1
aliases CVE-2021-41559, GHSA-9fmg-89fx-r33w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1p79-328x-sueq
2
url VCID-1uhv-fetz-j7fd
vulnerability_id VCID-1uhv-fetz-j7fd
summary 
XSS in CMSController BackURL
A XSS risk exists in the returnURL parameter passed to CMSSecurity/success. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893
1
reference_url http://www.silverstripe.org/download/security-releases/ss-2016-001
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2016-001
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9ugf-duna-xfgy
10
vulnerability VCID-9y5u-qyzd-3ud9
11
vulnerability VCID-a7cf-kpzy-xudd
12
vulnerability VCID-at1s-qxsg-5yfs
13
vulnerability VCID-b6nm-cphj-wfgw
14
vulnerability VCID-b95v-49p7-fkas
15
vulnerability VCID-c437-w2zy-y7c9
16
vulnerability VCID-c6bz-jwhm-vkgp
17
vulnerability VCID-cmwn-cjff-9qau
18
vulnerability VCID-czh2-w6fk-xqd6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-excr-b2pz-jydm
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-hnme-cqff-c7dp
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n1mj-u4yk-jqhn
27
vulnerability VCID-n4fk-735u-2baw
28
vulnerability VCID-nute-ndg2-z7ev
29
vulnerability VCID-pkve-yjqy-syc2
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-v9ch-up34-nuab
40
vulnerability VCID-vatg-guxu-2ud7
41
vulnerability VCID-wgdv-etcq-3qhw
42
vulnerability VCID-xg74-3h1h-kqaf
43
vulnerability VCID-xsgv-a7bd-fqh8
44
vulnerability VCID-y6gd-vy49-17b4
45
vulnerability VCID-y8et-m846-2fc6
46
vulnerability VCID-z28b-1yrx-1bbn
47
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-at1s-qxsg-5yfs
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-b95v-49p7-fkas
14
vulnerability VCID-c437-w2zy-y7c9
15
vulnerability VCID-c6bz-jwhm-vkgp
16
vulnerability VCID-cmwn-cjff-9qau
17
vulnerability VCID-czh2-w6fk-xqd6
18
vulnerability VCID-ewg1-jqza-eyez
19
vulnerability VCID-gkkp-9fm7-jfaz
20
vulnerability VCID-gnpw-s9hp-wqfs
21
vulnerability VCID-hcuz-gz3w-97ew
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-mkex-ht2r-cucz
24
vulnerability VCID-n1mj-u4yk-jqhn
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nute-ndg2-z7ev
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-qdwg-f2bx-1bay
29
vulnerability VCID-qj5k-bcw3-5fgq
30
vulnerability VCID-qmfy-dxag-uuex
31
vulnerability VCID-r1eg-dwej-5kau
32
vulnerability VCID-sg62-98yy-2kd7
33
vulnerability VCID-t81f-5b8z-hyht
34
vulnerability VCID-tv7h-289s-xub4
35
vulnerability VCID-umhc-fdfh-1fdx
36
vulnerability VCID-uy47-3s8a-hbdn
37
vulnerability VCID-vatg-guxu-2ud7
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-xsgv-a7bd-fqh8
41
vulnerability VCID-y6gd-vy49-17b4
42
vulnerability VCID-y8et-m846-2fc6
43
vulnerability VCID-z28b-1yrx-1bbn
44
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9ugf-duna-xfgy
10
vulnerability VCID-9y5u-qyzd-3ud9
11
vulnerability VCID-a7cf-kpzy-xudd
12
vulnerability VCID-at1s-qxsg-5yfs
13
vulnerability VCID-b6nm-cphj-wfgw
14
vulnerability VCID-b95v-49p7-fkas
15
vulnerability VCID-c437-w2zy-y7c9
16
vulnerability VCID-c6bz-jwhm-vkgp
17
vulnerability VCID-cmwn-cjff-9qau
18
vulnerability VCID-czh2-w6fk-xqd6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-excr-b2pz-jydm
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-hnme-cqff-c7dp
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n1mj-u4yk-jqhn
27
vulnerability VCID-n4fk-735u-2baw
28
vulnerability VCID-nute-ndg2-z7ev
29
vulnerability VCID-pkve-yjqy-syc2
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-v9ch-up34-nuab
40
vulnerability VCID-vatg-guxu-2ud7
41
vulnerability VCID-wgdv-etcq-3qhw
42
vulnerability VCID-xg74-3h1h-kqaf
43
vulnerability VCID-y6gd-vy49-17b4
44
vulnerability VCID-y8et-m846-2fc6
45
vulnerability VCID-z28b-1yrx-1bbn
46
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-at1s-qxsg-5yfs
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-b95v-49p7-fkas
14
vulnerability VCID-c437-w2zy-y7c9
15
vulnerability VCID-c6bz-jwhm-vkgp
16
vulnerability VCID-cmwn-cjff-9qau
17
vulnerability VCID-czh2-w6fk-xqd6
18
vulnerability VCID-ewg1-jqza-eyez
19
vulnerability VCID-gkkp-9fm7-jfaz
20
vulnerability VCID-gnpw-s9hp-wqfs
21
vulnerability VCID-hcuz-gz3w-97ew
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-mkex-ht2r-cucz
24
vulnerability VCID-n1mj-u4yk-jqhn
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nute-ndg2-z7ev
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-qdwg-f2bx-1bay
29
vulnerability VCID-qj5k-bcw3-5fgq
30
vulnerability VCID-qmfy-dxag-uuex
31
vulnerability VCID-r1eg-dwej-5kau
32
vulnerability VCID-sg62-98yy-2kd7
33
vulnerability VCID-t81f-5b8z-hyht
34
vulnerability VCID-tv7h-289s-xub4
35
vulnerability VCID-umhc-fdfh-1fdx
36
vulnerability VCID-uy47-3s8a-hbdn
37
vulnerability VCID-vatg-guxu-2ud7
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-y6gd-vy49-17b4
41
vulnerability VCID-y8et-m846-2fc6
42
vulnerability VCID-z28b-1yrx-1bbn
43
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-7jm4-cjg3-rkcz
9
vulnerability VCID-9hf4-djcv-67d7
10
vulnerability VCID-9ugf-duna-xfgy
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-at1s-qxsg-5yfs
14
vulnerability VCID-b6nm-cphj-wfgw
15
vulnerability VCID-b95v-49p7-fkas
16
vulnerability VCID-c437-w2zy-y7c9
17
vulnerability VCID-c6bz-jwhm-vkgp
18
vulnerability VCID-cmwn-cjff-9qau
19
vulnerability VCID-czh2-w6fk-xqd6
20
vulnerability VCID-ewg1-jqza-eyez
21
vulnerability VCID-excr-b2pz-jydm
22
vulnerability VCID-gkkp-9fm7-jfaz
23
vulnerability VCID-gnpw-s9hp-wqfs
24
vulnerability VCID-hcuz-gz3w-97ew
25
vulnerability VCID-hnme-cqff-c7dp
26
vulnerability VCID-mkex-ht2r-cucz
27
vulnerability VCID-n1mj-u4yk-jqhn
28
vulnerability VCID-n4fk-735u-2baw
29
vulnerability VCID-nute-ndg2-z7ev
30
vulnerability VCID-pkve-yjqy-syc2
31
vulnerability VCID-qdwg-f2bx-1bay
32
vulnerability VCID-qj5k-bcw3-5fgq
33
vulnerability VCID-qmfy-dxag-uuex
34
vulnerability VCID-r1eg-dwej-5kau
35
vulnerability VCID-sg62-98yy-2kd7
36
vulnerability VCID-t81f-5b8z-hyht
37
vulnerability VCID-tv7h-289s-xub4
38
vulnerability VCID-umhc-fdfh-1fdx
39
vulnerability VCID-uy47-3s8a-hbdn
40
vulnerability VCID-v9ch-up34-nuab
41
vulnerability VCID-vatg-guxu-2ud7
42
vulnerability VCID-wgdv-etcq-3qhw
43
vulnerability VCID-xg74-3h1h-kqaf
44
vulnerability VCID-y6gd-vy49-17b4
45
vulnerability VCID-y8et-m846-2fc6
46
vulnerability VCID-z28b-1yrx-1bbn
47
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-7jm4-cjg3-rkcz
9
vulnerability VCID-9hf4-djcv-67d7
10
vulnerability VCID-9y5u-qyzd-3ud9
11
vulnerability VCID-a7cf-kpzy-xudd
12
vulnerability VCID-at1s-qxsg-5yfs
13
vulnerability VCID-b6nm-cphj-wfgw
14
vulnerability VCID-b95v-49p7-fkas
15
vulnerability VCID-c437-w2zy-y7c9
16
vulnerability VCID-c6bz-jwhm-vkgp
17
vulnerability VCID-cmwn-cjff-9qau
18
vulnerability VCID-czh2-w6fk-xqd6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-f4hv-79km-3ygt
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-hnme-cqff-c7dp
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n1mj-u4yk-jqhn
27
vulnerability VCID-n4fk-735u-2baw
28
vulnerability VCID-nute-ndg2-z7ev
29
vulnerability VCID-pkve-yjqy-syc2
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-vatg-guxu-2ud7
40
vulnerability VCID-wgdv-etcq-3qhw
41
vulnerability VCID-xg74-3h1h-kqaf
42
vulnerability VCID-y6gd-vy49-17b4
43
vulnerability VCID-y8et-m846-2fc6
44
vulnerability VCID-z28b-1yrx-1bbn
45
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2016-001
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1uhv-fetz-j7fd
3
url VCID-36z3-nafq-6kez
vulnerability_id VCID-36z3-nafq-6kez
summary 
XSS In CMSSecurity BackURL
In follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-001/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-001/
1
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-016/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-016/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.21
purl pkg:composer/silverstripe/framework@3.1.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-9y5u-qyzd-3ud9
5
vulnerability VCID-a7cf-kpzy-xudd
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c6bz-jwhm-vkgp
9
vulnerability VCID-cmwn-cjff-9qau
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-hcuz-gz3w-97ew
12
vulnerability VCID-mkex-ht2r-cucz
13
vulnerability VCID-n4fk-735u-2baw
14
vulnerability VCID-nute-ndg2-z7ev
15
vulnerability VCID-pkve-yjqy-syc2
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-qmfy-dxag-uuex
18
vulnerability VCID-r1eg-dwej-5kau
19
vulnerability VCID-sg62-98yy-2kd7
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-tv7h-289s-xub4
22
vulnerability VCID-umhc-fdfh-1fdx
23
vulnerability VCID-uy47-3s8a-hbdn
24
vulnerability VCID-wgdv-etcq-3qhw
25
vulnerability VCID-xg74-3h1h-kqaf
26
vulnerability VCID-xsgv-a7bd-fqh8
27
vulnerability VCID-y8et-m846-2fc6
28
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21
1
url pkg:composer/silverstripe/framework@3.2.6
purl pkg:composer/silverstripe/framework@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-9y5u-qyzd-3ud9
5
vulnerability VCID-a7cf-kpzy-xudd
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c6bz-jwhm-vkgp
9
vulnerability VCID-cmwn-cjff-9qau
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-hcuz-gz3w-97ew
12
vulnerability VCID-mkex-ht2r-cucz
13
vulnerability VCID-n4fk-735u-2baw
14
vulnerability VCID-nute-ndg2-z7ev
15
vulnerability VCID-pkve-yjqy-syc2
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-qmfy-dxag-uuex
18
vulnerability VCID-r1eg-dwej-5kau
19
vulnerability VCID-sg62-98yy-2kd7
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-tv7h-289s-xub4
22
vulnerability VCID-umhc-fdfh-1fdx
23
vulnerability VCID-uy47-3s8a-hbdn
24
vulnerability VCID-wgdv-etcq-3qhw
25
vulnerability VCID-xg74-3h1h-kqaf
26
vulnerability VCID-y8et-m846-2fc6
27
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6
2
url pkg:composer/silverstripe/framework@3.3.4
purl pkg:composer/silverstripe/framework@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-9y5u-qyzd-3ud9
5
vulnerability VCID-a7cf-kpzy-xudd
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c6bz-jwhm-vkgp
9
vulnerability VCID-cmwn-cjff-9qau
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-hcuz-gz3w-97ew
12
vulnerability VCID-mkex-ht2r-cucz
13
vulnerability VCID-n4fk-735u-2baw
14
vulnerability VCID-nute-ndg2-z7ev
15
vulnerability VCID-pkve-yjqy-syc2
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-qmfy-dxag-uuex
18
vulnerability VCID-r1eg-dwej-5kau
19
vulnerability VCID-sg62-98yy-2kd7
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-tv7h-289s-xub4
22
vulnerability VCID-umhc-fdfh-1fdx
23
vulnerability VCID-uy47-3s8a-hbdn
24
vulnerability VCID-wgdv-etcq-3qhw
25
vulnerability VCID-xg74-3h1h-kqaf
26
vulnerability VCID-y8et-m846-2fc6
27
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4
3
url pkg:composer/silverstripe/framework@3.4.2
purl pkg:composer/silverstripe/framework@3.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3j6f-5c14-uubc
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4qjj-wqg5-dbay
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-bwrh-updj-zkfs
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-gnpw-s9hp-wqfs
14
vulnerability VCID-hcuz-gz3w-97ew
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-njph-ua7r-auaq
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-pkve-yjqy-syc2
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2
aliases SS-2016-016
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-36z3-nafq-6kez
4
url VCID-3snr-vtda-jqdj
vulnerability_id VCID-3snr-vtda-jqdj
summary 
Cross-site Scripting
XSS In rewritten hash links.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.0.13
purl pkg:composer/silverstripe/framework@3.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4n9x-x4kd-jyfu
6
vulnerability VCID-5ztp-wmty-aybx
7
vulnerability VCID-78b6-1v3w-qfc3
8
vulnerability VCID-7bpb-cgj3-b7ay
9
vulnerability VCID-7ek4-6y31-1qcs
10
vulnerability VCID-7hxq-cp29-r7dh
11
vulnerability VCID-8m1h-utem-jud3
12
vulnerability VCID-96f5-5qyr-g7d5
13
vulnerability VCID-9hf4-djcv-67d7
14
vulnerability VCID-9y5u-qyzd-3ud9
15
vulnerability VCID-a7cf-kpzy-xudd
16
vulnerability VCID-at1s-qxsg-5yfs
17
vulnerability VCID-b6nm-cphj-wfgw
18
vulnerability VCID-b7xq-cz8w-ubgm
19
vulnerability VCID-b95v-49p7-fkas
20
vulnerability VCID-c437-w2zy-y7c9
21
vulnerability VCID-c6bz-jwhm-vkgp
22
vulnerability VCID-cmwn-cjff-9qau
23
vulnerability VCID-cqjc-tsv5-7beg
24
vulnerability VCID-ecy2-x3a9-qbbx
25
vulnerability VCID-evh4-xq48-4fa6
26
vulnerability VCID-ewg1-jqza-eyez
27
vulnerability VCID-ggbg-8mtc-hudc
28
vulnerability VCID-gkkp-9fm7-jfaz
29
vulnerability VCID-gnpw-s9hp-wqfs
30
vulnerability VCID-h4k6-fruf-uqff
31
vulnerability VCID-hcuz-gz3w-97ew
32
vulnerability VCID-heyh-s54f-8qap
33
vulnerability VCID-hnme-cqff-c7dp
34
vulnerability VCID-m5rs-qptc-vued
35
vulnerability VCID-mkex-ht2r-cucz
36
vulnerability VCID-n4fk-735u-2baw
37
vulnerability VCID-nu3h-nb1g-67bs
38
vulnerability VCID-nute-ndg2-z7ev
39
vulnerability VCID-pkve-yjqy-syc2
40
vulnerability VCID-q939-fszs-wfdp
41
vulnerability VCID-qdwg-f2bx-1bay
42
vulnerability VCID-qmfy-dxag-uuex
43
vulnerability VCID-r1eg-dwej-5kau
44
vulnerability VCID-sfyd-qn7r-eqdg
45
vulnerability VCID-sg62-98yy-2kd7
46
vulnerability VCID-t81f-5b8z-hyht
47
vulnerability VCID-tv7h-289s-xub4
48
vulnerability VCID-umhc-fdfh-1fdx
49
vulnerability VCID-uy47-3s8a-hbdn
50
vulnerability VCID-uyxp-7fh1-77cg
51
vulnerability VCID-wgdv-etcq-3qhw
52
vulnerability VCID-wmfv-vtnz-bkad
53
vulnerability VCID-xg74-3h1h-kqaf
54
vulnerability VCID-xsgv-a7bd-fqh8
55
vulnerability VCID-y8et-m846-2fc6
56
vulnerability VCID-yfuu-th6b-nba4
57
vulnerability VCID-z28b-1yrx-1bbn
58
vulnerability VCID-zca8-91sf-qkb4
59
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.13
1
url pkg:composer/silverstripe/framework@3.1.0-beta1
purl pkg:composer/silverstripe/framework@3.1.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4n9x-x4kd-jyfu
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-8m1h-utem-jud3
9
vulnerability VCID-96f5-5qyr-g7d5
10
vulnerability VCID-9hf4-djcv-67d7
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-at1s-qxsg-5yfs
14
vulnerability VCID-b6nm-cphj-wfgw
15
vulnerability VCID-b7xq-cz8w-ubgm
16
vulnerability VCID-b95v-49p7-fkas
17
vulnerability VCID-c437-w2zy-y7c9
18
vulnerability VCID-c6bz-jwhm-vkgp
19
vulnerability VCID-cmwn-cjff-9qau
20
vulnerability VCID-cqjc-tsv5-7beg
21
vulnerability VCID-ecy2-x3a9-qbbx
22
vulnerability VCID-evh4-xq48-4fa6
23
vulnerability VCID-ewg1-jqza-eyez
24
vulnerability VCID-ggbg-8mtc-hudc
25
vulnerability VCID-gkkp-9fm7-jfaz
26
vulnerability VCID-gnpw-s9hp-wqfs
27
vulnerability VCID-h4k6-fruf-uqff
28
vulnerability VCID-hcuz-gz3w-97ew
29
vulnerability VCID-heyh-s54f-8qap
30
vulnerability VCID-hnme-cqff-c7dp
31
vulnerability VCID-m5rs-qptc-vued
32
vulnerability VCID-mkex-ht2r-cucz
33
vulnerability VCID-n4fk-735u-2baw
34
vulnerability VCID-nu3h-nb1g-67bs
35
vulnerability VCID-nute-ndg2-z7ev
36
vulnerability VCID-pkve-yjqy-syc2
37
vulnerability VCID-q939-fszs-wfdp
38
vulnerability VCID-qdwg-f2bx-1bay
39
vulnerability VCID-qmfy-dxag-uuex
40
vulnerability VCID-r1eg-dwej-5kau
41
vulnerability VCID-sfyd-qn7r-eqdg
42
vulnerability VCID-sg62-98yy-2kd7
43
vulnerability VCID-t81f-5b8z-hyht
44
vulnerability VCID-tv7h-289s-xub4
45
vulnerability VCID-umhc-fdfh-1fdx
46
vulnerability VCID-uy47-3s8a-hbdn
47
vulnerability VCID-wgdv-etcq-3qhw
48
vulnerability VCID-xg74-3h1h-kqaf
49
vulnerability VCID-xsgv-a7bd-fqh8
50
vulnerability VCID-y8et-m846-2fc6
51
vulnerability VCID-yfuu-th6b-nba4
52
vulnerability VCID-z28b-1yrx-1bbn
53
vulnerability VCID-zca8-91sf-qkb4
54
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1
2
url pkg:composer/silverstripe/framework@3.1.12
purl pkg:composer/silverstripe/framework@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-4n9x-x4kd-jyfu
7
vulnerability VCID-554z-dzgc-2fgz
8
vulnerability VCID-5ztp-wmty-aybx
9
vulnerability VCID-78b6-1v3w-qfc3
10
vulnerability VCID-7bpb-cgj3-b7ay
11
vulnerability VCID-7ek4-6y31-1qcs
12
vulnerability VCID-7hxq-cp29-r7dh
13
vulnerability VCID-8m1h-utem-jud3
14
vulnerability VCID-9hf4-djcv-67d7
15
vulnerability VCID-9y5u-qyzd-3ud9
16
vulnerability VCID-a7cf-kpzy-xudd
17
vulnerability VCID-at1s-qxsg-5yfs
18
vulnerability VCID-b6nm-cphj-wfgw
19
vulnerability VCID-b7xq-cz8w-ubgm
20
vulnerability VCID-b95v-49p7-fkas
21
vulnerability VCID-c437-w2zy-y7c9
22
vulnerability VCID-c6bz-jwhm-vkgp
23
vulnerability VCID-cmwn-cjff-9qau
24
vulnerability VCID-cqjc-tsv5-7beg
25
vulnerability VCID-ecy2-x3a9-qbbx
26
vulnerability VCID-evh4-xq48-4fa6
27
vulnerability VCID-ewg1-jqza-eyez
28
vulnerability VCID-ggbg-8mtc-hudc
29
vulnerability VCID-gkkp-9fm7-jfaz
30
vulnerability VCID-gnpw-s9hp-wqfs
31
vulnerability VCID-h4k6-fruf-uqff
32
vulnerability VCID-hcuz-gz3w-97ew
33
vulnerability VCID-heyh-s54f-8qap
34
vulnerability VCID-hnhv-qx7p-wqcw
35
vulnerability VCID-hnme-cqff-c7dp
36
vulnerability VCID-m5rs-qptc-vued
37
vulnerability VCID-mkex-ht2r-cucz
38
vulnerability VCID-n4fk-735u-2baw
39
vulnerability VCID-nu3h-nb1g-67bs
40
vulnerability VCID-nute-ndg2-z7ev
41
vulnerability VCID-pkve-yjqy-syc2
42
vulnerability VCID-puvt-j32v-77eh
43
vulnerability VCID-q939-fszs-wfdp
44
vulnerability VCID-qdwg-f2bx-1bay
45
vulnerability VCID-qj5k-bcw3-5fgq
46
vulnerability VCID-qmfy-dxag-uuex
47
vulnerability VCID-r1eg-dwej-5kau
48
vulnerability VCID-rrmd-ud59-ffbp
49
vulnerability VCID-sfyd-qn7r-eqdg
50
vulnerability VCID-sg62-98yy-2kd7
51
vulnerability VCID-t81f-5b8z-hyht
52
vulnerability VCID-tv7h-289s-xub4
53
vulnerability VCID-twrb-6j51-aqcy
54
vulnerability VCID-ue4x-s1c4-zkcz
55
vulnerability VCID-umhc-fdfh-1fdx
56
vulnerability VCID-uy47-3s8a-hbdn
57
vulnerability VCID-uyxp-7fh1-77cg
58
vulnerability VCID-vatm-1vbd-bfam
59
vulnerability VCID-wgdv-etcq-3qhw
60
vulnerability VCID-wmfv-vtnz-bkad
61
vulnerability VCID-xg74-3h1h-kqaf
62
vulnerability VCID-xsgv-a7bd-fqh8
63
vulnerability VCID-y8et-m846-2fc6
64
vulnerability VCID-yfuu-th6b-nba4
65
vulnerability VCID-z28b-1yrx-1bbn
66
vulnerability VCID-zca8-91sf-qkb4
67
vulnerability VCID-zckr-zxq4-jyev
68
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12
3
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9y5u-qyzd-3ud9
1
vulnerability VCID-a7cf-kpzy-xudd
2
vulnerability VCID-gnpw-s9hp-wqfs
3
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-009-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3snr-vtda-jqdj
5
url VCID-3x46-q9cb-7ubg
vulnerability_id VCID-3x46-q9cb-7ubg
summary 
Information Exposure
Response discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12849
reference_id
reference_type
scores
0
value 0.00392
scoring_system epss
scoring_elements 0.60505
published_at 2026-06-04T12:55:00Z
1
value 0.00392
scoring_system epss
scoring_elements 0.60553
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12849
1
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-005
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12849
reference_id CVE-2017-12849
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12849
3
reference_url https://github.com/advisories/GHSA-fwhr-g5r4-xgxf
reference_id GHSA-fwhr-g5r4-xgxf
reference_type
scores
url https://github.com/advisories/GHSA-fwhr-g5r4-xgxf
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.5-beta1
purl pkg:composer/silverstripe/framework@3.5.5-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-37d1-tt74-yyfm
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-9y5u-qyzd-3ud9
5
vulnerability VCID-a7cf-kpzy-xudd
6
vulnerability VCID-aygc-4nhm-n7eq
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-fm87-te3v-pkc8
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-h1y5-n4b7-ckg6
12
vulnerability VCID-hcuz-gz3w-97ew
13
vulnerability VCID-mkex-ht2r-cucz
14
vulnerability VCID-n4fk-735u-2baw
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-pkve-yjqy-syc2
17
vulnerability VCID-qdwg-f2bx-1bay
18
vulnerability VCID-qmfy-dxag-uuex
19
vulnerability VCID-r1eg-dwej-5kau
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-uy47-3s8a-hbdn
23
vulnerability VCID-wgdv-etcq-3qhw
24
vulnerability VCID-xg74-3h1h-kqaf
25
vulnerability VCID-y8et-m846-2fc6
26
vulnerability VCID-zdge-zsmz-8ud9
27
vulnerability VCID-znbg-16r4-6ybg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1
1
url pkg:composer/silverstripe/framework@3.5.5
purl pkg:composer/silverstripe/framework@3.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-37d1-tt74-yyfm
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-9y5u-qyzd-3ud9
5
vulnerability VCID-a7cf-kpzy-xudd
6
vulnerability VCID-aygc-4nhm-n7eq
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-fm87-te3v-pkc8
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-hcuz-gz3w-97ew
12
vulnerability VCID-mkex-ht2r-cucz
13
vulnerability VCID-n4fk-735u-2baw
14
vulnerability VCID-nute-ndg2-z7ev
15
vulnerability VCID-pkve-yjqy-syc2
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-qmfy-dxag-uuex
18
vulnerability VCID-r1eg-dwej-5kau
19
vulnerability VCID-tv7h-289s-xub4
20
vulnerability VCID-u9e7-1zhg-mygt
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-uy47-3s8a-hbdn
23
vulnerability VCID-wgdv-etcq-3qhw
24
vulnerability VCID-xg74-3h1h-kqaf
25
vulnerability VCID-y8et-m846-2fc6
26
vulnerability VCID-zdge-zsmz-8ud9
27
vulnerability VCID-znbg-16r4-6ybg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5
2
url pkg:composer/silverstripe/framework@3.6.1-alpha2
purl pkg:composer/silverstripe/framework@3.6.1-alpha2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-37d1-tt74-yyfm
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-9y5u-qyzd-3ud9
5
vulnerability VCID-a7cf-kpzy-xudd
6
vulnerability VCID-aygc-4nhm-n7eq
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-fm87-te3v-pkc8
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-h1y5-n4b7-ckg6
12
vulnerability VCID-hcuz-gz3w-97ew
13
vulnerability VCID-hq36-9ntc-akez
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-n4fk-735u-2baw
16
vulnerability VCID-nute-ndg2-z7ev
17
vulnerability VCID-pkve-yjqy-syc2
18
vulnerability VCID-qdwg-f2bx-1bay
19
vulnerability VCID-qmfy-dxag-uuex
20
vulnerability VCID-r1eg-dwej-5kau
21
vulnerability VCID-tv7h-289s-xub4
22
vulnerability VCID-u9e7-1zhg-mygt
23
vulnerability VCID-umhc-fdfh-1fdx
24
vulnerability VCID-uy47-3s8a-hbdn
25
vulnerability VCID-wgdv-etcq-3qhw
26
vulnerability VCID-xg74-3h1h-kqaf
27
vulnerability VCID-y8et-m846-2fc6
28
vulnerability VCID-zdge-zsmz-8ud9
29
vulnerability VCID-znbg-16r4-6ybg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2
3
url pkg:composer/silverstripe/framework@3.6.1
purl pkg:composer/silverstripe/framework@3.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-37d1-tt74-yyfm
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-9y5u-qyzd-3ud9
5
vulnerability VCID-a7cf-kpzy-xudd
6
vulnerability VCID-aygc-4nhm-n7eq
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-fm87-te3v-pkc8
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-h1y5-n4b7-ckg6
12
vulnerability VCID-hcuz-gz3w-97ew
13
vulnerability VCID-hq36-9ntc-akez
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-n4fk-735u-2baw
16
vulnerability VCID-nute-ndg2-z7ev
17
vulnerability VCID-pkve-yjqy-syc2
18
vulnerability VCID-qdwg-f2bx-1bay
19
vulnerability VCID-qmfy-dxag-uuex
20
vulnerability VCID-r1eg-dwej-5kau
21
vulnerability VCID-tv7h-289s-xub4
22
vulnerability VCID-u9e7-1zhg-mygt
23
vulnerability VCID-umhc-fdfh-1fdx
24
vulnerability VCID-uy47-3s8a-hbdn
25
vulnerability VCID-wgdv-etcq-3qhw
26
vulnerability VCID-xg74-3h1h-kqaf
27
vulnerability VCID-y8et-m846-2fc6
28
vulnerability VCID-zdge-zsmz-8ud9
29
vulnerability VCID-znbg-16r4-6ybg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1
aliases CVE-2017-12849, GHSA-fwhr-g5r4-xgxf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3x46-q9cb-7ubg
6
url VCID-4n9x-x4kd-jyfu
vulnerability_id VCID-4n9x-x4kd-jyfu
summary 
XSS vulnerability in form field validation
A high level XSS risk has been identified in the encoding of validation messages in certain FormField classes. Certain fields such as the `NumericField` and `DropdownField` have been identified, but any form field which presents any invalid content as a part of its validation response will be at risk.
references
0
reference_url http://www.silverstripe.org/download/security-releases/ss-2015-026/
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2015-026/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.16
purl pkg:composer/silverstripe/framework@3.1.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-at1s-qxsg-5yfs
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-b95v-49p7-fkas
14
vulnerability VCID-c437-w2zy-y7c9
15
vulnerability VCID-c6bz-jwhm-vkgp
16
vulnerability VCID-cmwn-cjff-9qau
17
vulnerability VCID-cqjc-tsv5-7beg
18
vulnerability VCID-ecy2-x3a9-qbbx
19
vulnerability VCID-evh4-xq48-4fa6
20
vulnerability VCID-ewg1-jqza-eyez
21
vulnerability VCID-ggbg-8mtc-hudc
22
vulnerability VCID-gkkp-9fm7-jfaz
23
vulnerability VCID-gnpw-s9hp-wqfs
24
vulnerability VCID-hcuz-gz3w-97ew
25
vulnerability VCID-heyh-s54f-8qap
26
vulnerability VCID-hnhv-qx7p-wqcw
27
vulnerability VCID-hnme-cqff-c7dp
28
vulnerability VCID-m5rs-qptc-vued
29
vulnerability VCID-mkex-ht2r-cucz
30
vulnerability VCID-n4fk-735u-2baw
31
vulnerability VCID-nute-ndg2-z7ev
32
vulnerability VCID-pkve-yjqy-syc2
33
vulnerability VCID-q939-fszs-wfdp
34
vulnerability VCID-qdwg-f2bx-1bay
35
vulnerability VCID-qj5k-bcw3-5fgq
36
vulnerability VCID-qmfy-dxag-uuex
37
vulnerability VCID-r1eg-dwej-5kau
38
vulnerability VCID-rrmd-ud59-ffbp
39
vulnerability VCID-sg62-98yy-2kd7
40
vulnerability VCID-t81f-5b8z-hyht
41
vulnerability VCID-tv7h-289s-xub4
42
vulnerability VCID-umhc-fdfh-1fdx
43
vulnerability VCID-uy47-3s8a-hbdn
44
vulnerability VCID-vatm-1vbd-bfam
45
vulnerability VCID-wgdv-etcq-3qhw
46
vulnerability VCID-xg74-3h1h-kqaf
47
vulnerability VCID-xsgv-a7bd-fqh8
48
vulnerability VCID-y8et-m846-2fc6
49
vulnerability VCID-z28b-1yrx-1bbn
50
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.16
1
url pkg:composer/silverstripe/framework@3.2.0-beta1
purl pkg:composer/silverstripe/framework@3.2.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9y5u-qyzd-3ud9
8
vulnerability VCID-a7cf-kpzy-xudd
9
vulnerability VCID-at1s-qxsg-5yfs
10
vulnerability VCID-b6nm-cphj-wfgw
11
vulnerability VCID-b95v-49p7-fkas
12
vulnerability VCID-c437-w2zy-y7c9
13
vulnerability VCID-c6bz-jwhm-vkgp
14
vulnerability VCID-cmwn-cjff-9qau
15
vulnerability VCID-evh4-xq48-4fa6
16
vulnerability VCID-ewg1-jqza-eyez
17
vulnerability VCID-ggbg-8mtc-hudc
18
vulnerability VCID-gkkp-9fm7-jfaz
19
vulnerability VCID-gnpw-s9hp-wqfs
20
vulnerability VCID-h4k6-fruf-uqff
21
vulnerability VCID-hcuz-gz3w-97ew
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-m5rs-qptc-vued
24
vulnerability VCID-mkex-ht2r-cucz
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nu3h-nb1g-67bs
27
vulnerability VCID-nute-ndg2-z7ev
28
vulnerability VCID-pkve-yjqy-syc2
29
vulnerability VCID-q939-fszs-wfdp
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qmfy-dxag-uuex
32
vulnerability VCID-r1eg-dwej-5kau
33
vulnerability VCID-sg62-98yy-2kd7
34
vulnerability VCID-t81f-5b8z-hyht
35
vulnerability VCID-tv7h-289s-xub4
36
vulnerability VCID-umhc-fdfh-1fdx
37
vulnerability VCID-uy47-3s8a-hbdn
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-xsgv-a7bd-fqh8
41
vulnerability VCID-y8et-m846-2fc6
42
vulnerability VCID-yfuu-th6b-nba4
43
vulnerability VCID-z28b-1yrx-1bbn
44
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1
2
url pkg:composer/silverstripe/framework@3.2.1
purl pkg:composer/silverstripe/framework@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9hf4-djcv-67d7
8
vulnerability VCID-9y5u-qyzd-3ud9
9
vulnerability VCID-a7cf-kpzy-xudd
10
vulnerability VCID-at1s-qxsg-5yfs
11
vulnerability VCID-b6nm-cphj-wfgw
12
vulnerability VCID-b95v-49p7-fkas
13
vulnerability VCID-c437-w2zy-y7c9
14
vulnerability VCID-c6bz-jwhm-vkgp
15
vulnerability VCID-cmwn-cjff-9qau
16
vulnerability VCID-cqjc-tsv5-7beg
17
vulnerability VCID-ecy2-x3a9-qbbx
18
vulnerability VCID-evh4-xq48-4fa6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-ggbg-8mtc-hudc
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-heyh-s54f-8qap
25
vulnerability VCID-hnhv-qx7p-wqcw
26
vulnerability VCID-hnme-cqff-c7dp
27
vulnerability VCID-m5rs-qptc-vued
28
vulnerability VCID-mkex-ht2r-cucz
29
vulnerability VCID-n4fk-735u-2baw
30
vulnerability VCID-nute-ndg2-z7ev
31
vulnerability VCID-pkve-yjqy-syc2
32
vulnerability VCID-q939-fszs-wfdp
33
vulnerability VCID-qdwg-f2bx-1bay
34
vulnerability VCID-qj5k-bcw3-5fgq
35
vulnerability VCID-qmfy-dxag-uuex
36
vulnerability VCID-r1eg-dwej-5kau
37
vulnerability VCID-rrmd-ud59-ffbp
38
vulnerability VCID-sg62-98yy-2kd7
39
vulnerability VCID-t81f-5b8z-hyht
40
vulnerability VCID-tv7h-289s-xub4
41
vulnerability VCID-umhc-fdfh-1fdx
42
vulnerability VCID-uy47-3s8a-hbdn
43
vulnerability VCID-vatm-1vbd-bfam
44
vulnerability VCID-wgdv-etcq-3qhw
45
vulnerability VCID-xg74-3h1h-kqaf
46
vulnerability VCID-y8et-m846-2fc6
47
vulnerability VCID-z28b-1yrx-1bbn
48
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1
3
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9y5u-qyzd-3ud9
1
vulnerability VCID-a7cf-kpzy-xudd
2
vulnerability VCID-gnpw-s9hp-wqfs
3
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-026
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4n9x-x4kd-jyfu
7
url VCID-5ztp-wmty-aybx
vulnerability_id VCID-5ztp-wmty-aybx
summary 
Silverstripe External redirection risk in Security?ReturnURL
A vulnerability has been found in the SilverStripe framework where a login url can be potentially redirected to an external site.

For example, the url http://www.my-silverstripe-site.com/Security/login?BackURL=/\attacker-site.com will redirect successful logins to the page http://attacker-site.com. If that website were set up to look identical to the first with "login failed" then the user will likely just enter their user/pass again.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-012-1.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-012-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/22a35e48a9f513d4caa3b4e9b8dd21c49ffc8f2c
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/22a35e48a9f513d4caa3b4e9b8dd21c49ffc8f2c
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/c14e7f6b764ae4646461f3fc3a46452fdaa9e02a
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/c14e7f6b764ae4646461f3fc3a46452fdaa9e02a
4
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-012
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/software/download/security-releases/ss-2015-012
5
reference_url https://github.com/advisories/GHSA-vp8p-c6xj-xpj7
reference_id GHSA-vp8p-c6xj-xpj7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vp8p-c6xj-xpj7
fixed_packages
0
url pkg:composer/silverstripe/framework@3.0.14
purl pkg:composer/silverstripe/framework@3.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4n9x-x4kd-jyfu
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-8m1h-utem-jud3
9
vulnerability VCID-96f5-5qyr-g7d5
10
vulnerability VCID-9hf4-djcv-67d7
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-at1s-qxsg-5yfs
14
vulnerability VCID-b6nm-cphj-wfgw
15
vulnerability VCID-b7xq-cz8w-ubgm
16
vulnerability VCID-b95v-49p7-fkas
17
vulnerability VCID-c437-w2zy-y7c9
18
vulnerability VCID-c6bz-jwhm-vkgp
19
vulnerability VCID-cmwn-cjff-9qau
20
vulnerability VCID-cqjc-tsv5-7beg
21
vulnerability VCID-ecy2-x3a9-qbbx
22
vulnerability VCID-evh4-xq48-4fa6
23
vulnerability VCID-ewg1-jqza-eyez
24
vulnerability VCID-ggbg-8mtc-hudc
25
vulnerability VCID-gkkp-9fm7-jfaz
26
vulnerability VCID-gnpw-s9hp-wqfs
27
vulnerability VCID-h4k6-fruf-uqff
28
vulnerability VCID-hcuz-gz3w-97ew
29
vulnerability VCID-heyh-s54f-8qap
30
vulnerability VCID-hnme-cqff-c7dp
31
vulnerability VCID-m5rs-qptc-vued
32
vulnerability VCID-mkex-ht2r-cucz
33
vulnerability VCID-n4fk-735u-2baw
34
vulnerability VCID-nu3h-nb1g-67bs
35
vulnerability VCID-nute-ndg2-z7ev
36
vulnerability VCID-pkve-yjqy-syc2
37
vulnerability VCID-q939-fszs-wfdp
38
vulnerability VCID-qdwg-f2bx-1bay
39
vulnerability VCID-qmfy-dxag-uuex
40
vulnerability VCID-r1eg-dwej-5kau
41
vulnerability VCID-sfyd-qn7r-eqdg
42
vulnerability VCID-sg62-98yy-2kd7
43
vulnerability VCID-t81f-5b8z-hyht
44
vulnerability VCID-tv7h-289s-xub4
45
vulnerability VCID-umhc-fdfh-1fdx
46
vulnerability VCID-uy47-3s8a-hbdn
47
vulnerability VCID-wgdv-etcq-3qhw
48
vulnerability VCID-xg74-3h1h-kqaf
49
vulnerability VCID-xsgv-a7bd-fqh8
50
vulnerability VCID-y8et-m846-2fc6
51
vulnerability VCID-yfuu-th6b-nba4
52
vulnerability VCID-z28b-1yrx-1bbn
53
vulnerability VCID-zca8-91sf-qkb4
54
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14
1
url pkg:composer/silverstripe/framework@3.1.13
purl pkg:composer/silverstripe/framework@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-4n9x-x4kd-jyfu
7
vulnerability VCID-554z-dzgc-2fgz
8
vulnerability VCID-7ek4-6y31-1qcs
9
vulnerability VCID-7hxq-cp29-r7dh
10
vulnerability VCID-8m1h-utem-jud3
11
vulnerability VCID-9hf4-djcv-67d7
12
vulnerability VCID-9y5u-qyzd-3ud9
13
vulnerability VCID-a7cf-kpzy-xudd
14
vulnerability VCID-at1s-qxsg-5yfs
15
vulnerability VCID-b6nm-cphj-wfgw
16
vulnerability VCID-b7xq-cz8w-ubgm
17
vulnerability VCID-b95v-49p7-fkas
18
vulnerability VCID-c437-w2zy-y7c9
19
vulnerability VCID-c6bz-jwhm-vkgp
20
vulnerability VCID-cmwn-cjff-9qau
21
vulnerability VCID-cqjc-tsv5-7beg
22
vulnerability VCID-ecy2-x3a9-qbbx
23
vulnerability VCID-evh4-xq48-4fa6
24
vulnerability VCID-ewg1-jqza-eyez
25
vulnerability VCID-ggbg-8mtc-hudc
26
vulnerability VCID-gkkp-9fm7-jfaz
27
vulnerability VCID-gnpw-s9hp-wqfs
28
vulnerability VCID-h4k6-fruf-uqff
29
vulnerability VCID-hcuz-gz3w-97ew
30
vulnerability VCID-heyh-s54f-8qap
31
vulnerability VCID-hnhv-qx7p-wqcw
32
vulnerability VCID-hnme-cqff-c7dp
33
vulnerability VCID-m5rs-qptc-vued
34
vulnerability VCID-mkex-ht2r-cucz
35
vulnerability VCID-n4fk-735u-2baw
36
vulnerability VCID-nu3h-nb1g-67bs
37
vulnerability VCID-nute-ndg2-z7ev
38
vulnerability VCID-pkve-yjqy-syc2
39
vulnerability VCID-q939-fszs-wfdp
40
vulnerability VCID-qdwg-f2bx-1bay
41
vulnerability VCID-qj5k-bcw3-5fgq
42
vulnerability VCID-qmfy-dxag-uuex
43
vulnerability VCID-r1eg-dwej-5kau
44
vulnerability VCID-rrmd-ud59-ffbp
45
vulnerability VCID-sfyd-qn7r-eqdg
46
vulnerability VCID-sg62-98yy-2kd7
47
vulnerability VCID-t81f-5b8z-hyht
48
vulnerability VCID-tv7h-289s-xub4
49
vulnerability VCID-twrb-6j51-aqcy
50
vulnerability VCID-umhc-fdfh-1fdx
51
vulnerability VCID-uy47-3s8a-hbdn
52
vulnerability VCID-vatm-1vbd-bfam
53
vulnerability VCID-wgdv-etcq-3qhw
54
vulnerability VCID-xg74-3h1h-kqaf
55
vulnerability VCID-xsgv-a7bd-fqh8
56
vulnerability VCID-y8et-m846-2fc6
57
vulnerability VCID-yfuu-th6b-nba4
58
vulnerability VCID-z28b-1yrx-1bbn
59
vulnerability VCID-zca8-91sf-qkb4
60
vulnerability VCID-zckr-zxq4-jyev
61
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13
aliases GHSA-vp8p-c6xj-xpj7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ztp-wmty-aybx
8
url VCID-78b6-1v3w-qfc3
vulnerability_id VCID-78b6-1v3w-qfc3
summary 
URL Redirection to Untrusted Site (Open Redirect)
External redirection risk in `Security?ReturnURL`.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-012/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-012/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.0.14
purl pkg:composer/silverstripe/framework@3.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4n9x-x4kd-jyfu
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-8m1h-utem-jud3
9
vulnerability VCID-96f5-5qyr-g7d5
10
vulnerability VCID-9hf4-djcv-67d7
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-at1s-qxsg-5yfs
14
vulnerability VCID-b6nm-cphj-wfgw
15
vulnerability VCID-b7xq-cz8w-ubgm
16
vulnerability VCID-b95v-49p7-fkas
17
vulnerability VCID-c437-w2zy-y7c9
18
vulnerability VCID-c6bz-jwhm-vkgp
19
vulnerability VCID-cmwn-cjff-9qau
20
vulnerability VCID-cqjc-tsv5-7beg
21
vulnerability VCID-ecy2-x3a9-qbbx
22
vulnerability VCID-evh4-xq48-4fa6
23
vulnerability VCID-ewg1-jqza-eyez
24
vulnerability VCID-ggbg-8mtc-hudc
25
vulnerability VCID-gkkp-9fm7-jfaz
26
vulnerability VCID-gnpw-s9hp-wqfs
27
vulnerability VCID-h4k6-fruf-uqff
28
vulnerability VCID-hcuz-gz3w-97ew
29
vulnerability VCID-heyh-s54f-8qap
30
vulnerability VCID-hnme-cqff-c7dp
31
vulnerability VCID-m5rs-qptc-vued
32
vulnerability VCID-mkex-ht2r-cucz
33
vulnerability VCID-n4fk-735u-2baw
34
vulnerability VCID-nu3h-nb1g-67bs
35
vulnerability VCID-nute-ndg2-z7ev
36
vulnerability VCID-pkve-yjqy-syc2
37
vulnerability VCID-q939-fszs-wfdp
38
vulnerability VCID-qdwg-f2bx-1bay
39
vulnerability VCID-qmfy-dxag-uuex
40
vulnerability VCID-r1eg-dwej-5kau
41
vulnerability VCID-sfyd-qn7r-eqdg
42
vulnerability VCID-sg62-98yy-2kd7
43
vulnerability VCID-t81f-5b8z-hyht
44
vulnerability VCID-tv7h-289s-xub4
45
vulnerability VCID-umhc-fdfh-1fdx
46
vulnerability VCID-uy47-3s8a-hbdn
47
vulnerability VCID-wgdv-etcq-3qhw
48
vulnerability VCID-xg74-3h1h-kqaf
49
vulnerability VCID-xsgv-a7bd-fqh8
50
vulnerability VCID-y8et-m846-2fc6
51
vulnerability VCID-yfuu-th6b-nba4
52
vulnerability VCID-z28b-1yrx-1bbn
53
vulnerability VCID-zca8-91sf-qkb4
54
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14
1
url pkg:composer/silverstripe/framework@3.1.0-beta1
purl pkg:composer/silverstripe/framework@3.1.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4n9x-x4kd-jyfu
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-8m1h-utem-jud3
9
vulnerability VCID-96f5-5qyr-g7d5
10
vulnerability VCID-9hf4-djcv-67d7
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-at1s-qxsg-5yfs
14
vulnerability VCID-b6nm-cphj-wfgw
15
vulnerability VCID-b7xq-cz8w-ubgm
16
vulnerability VCID-b95v-49p7-fkas
17
vulnerability VCID-c437-w2zy-y7c9
18
vulnerability VCID-c6bz-jwhm-vkgp
19
vulnerability VCID-cmwn-cjff-9qau
20
vulnerability VCID-cqjc-tsv5-7beg
21
vulnerability VCID-ecy2-x3a9-qbbx
22
vulnerability VCID-evh4-xq48-4fa6
23
vulnerability VCID-ewg1-jqza-eyez
24
vulnerability VCID-ggbg-8mtc-hudc
25
vulnerability VCID-gkkp-9fm7-jfaz
26
vulnerability VCID-gnpw-s9hp-wqfs
27
vulnerability VCID-h4k6-fruf-uqff
28
vulnerability VCID-hcuz-gz3w-97ew
29
vulnerability VCID-heyh-s54f-8qap
30
vulnerability VCID-hnme-cqff-c7dp
31
vulnerability VCID-m5rs-qptc-vued
32
vulnerability VCID-mkex-ht2r-cucz
33
vulnerability VCID-n4fk-735u-2baw
34
vulnerability VCID-nu3h-nb1g-67bs
35
vulnerability VCID-nute-ndg2-z7ev
36
vulnerability VCID-pkve-yjqy-syc2
37
vulnerability VCID-q939-fszs-wfdp
38
vulnerability VCID-qdwg-f2bx-1bay
39
vulnerability VCID-qmfy-dxag-uuex
40
vulnerability VCID-r1eg-dwej-5kau
41
vulnerability VCID-sfyd-qn7r-eqdg
42
vulnerability VCID-sg62-98yy-2kd7
43
vulnerability VCID-t81f-5b8z-hyht
44
vulnerability VCID-tv7h-289s-xub4
45
vulnerability VCID-umhc-fdfh-1fdx
46
vulnerability VCID-uy47-3s8a-hbdn
47
vulnerability VCID-wgdv-etcq-3qhw
48
vulnerability VCID-xg74-3h1h-kqaf
49
vulnerability VCID-xsgv-a7bd-fqh8
50
vulnerability VCID-y8et-m846-2fc6
51
vulnerability VCID-yfuu-th6b-nba4
52
vulnerability VCID-z28b-1yrx-1bbn
53
vulnerability VCID-zca8-91sf-qkb4
54
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1
2
url pkg:composer/silverstripe/framework@3.1.13-rc1
purl pkg:composer/silverstripe/framework@3.1.13-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-4n9x-x4kd-jyfu
7
vulnerability VCID-554z-dzgc-2fgz
8
vulnerability VCID-5ztp-wmty-aybx
9
vulnerability VCID-7bpb-cgj3-b7ay
10
vulnerability VCID-7ek4-6y31-1qcs
11
vulnerability VCID-7hxq-cp29-r7dh
12
vulnerability VCID-8m1h-utem-jud3
13
vulnerability VCID-9hf4-djcv-67d7
14
vulnerability VCID-9y5u-qyzd-3ud9
15
vulnerability VCID-a7cf-kpzy-xudd
16
vulnerability VCID-at1s-qxsg-5yfs
17
vulnerability VCID-b6nm-cphj-wfgw
18
vulnerability VCID-b7xq-cz8w-ubgm
19
vulnerability VCID-b95v-49p7-fkas
20
vulnerability VCID-c437-w2zy-y7c9
21
vulnerability VCID-c6bz-jwhm-vkgp
22
vulnerability VCID-cmwn-cjff-9qau
23
vulnerability VCID-cqjc-tsv5-7beg
24
vulnerability VCID-ecy2-x3a9-qbbx
25
vulnerability VCID-evh4-xq48-4fa6
26
vulnerability VCID-ewg1-jqza-eyez
27
vulnerability VCID-ggbg-8mtc-hudc
28
vulnerability VCID-gkkp-9fm7-jfaz
29
vulnerability VCID-gnpw-s9hp-wqfs
30
vulnerability VCID-h4k6-fruf-uqff
31
vulnerability VCID-hcuz-gz3w-97ew
32
vulnerability VCID-heyh-s54f-8qap
33
vulnerability VCID-hnhv-qx7p-wqcw
34
vulnerability VCID-hnme-cqff-c7dp
35
vulnerability VCID-m5rs-qptc-vued
36
vulnerability VCID-mkex-ht2r-cucz
37
vulnerability VCID-n4fk-735u-2baw
38
vulnerability VCID-nu3h-nb1g-67bs
39
vulnerability VCID-nute-ndg2-z7ev
40
vulnerability VCID-pkve-yjqy-syc2
41
vulnerability VCID-puvt-j32v-77eh
42
vulnerability VCID-q939-fszs-wfdp
43
vulnerability VCID-qdwg-f2bx-1bay
44
vulnerability VCID-qj5k-bcw3-5fgq
45
vulnerability VCID-qmfy-dxag-uuex
46
vulnerability VCID-r1eg-dwej-5kau
47
vulnerability VCID-rrmd-ud59-ffbp
48
vulnerability VCID-sfyd-qn7r-eqdg
49
vulnerability VCID-sg62-98yy-2kd7
50
vulnerability VCID-t81f-5b8z-hyht
51
vulnerability VCID-tv7h-289s-xub4
52
vulnerability VCID-twrb-6j51-aqcy
53
vulnerability VCID-ue4x-s1c4-zkcz
54
vulnerability VCID-umhc-fdfh-1fdx
55
vulnerability VCID-uy47-3s8a-hbdn
56
vulnerability VCID-uyxp-7fh1-77cg
57
vulnerability VCID-vatm-1vbd-bfam
58
vulnerability VCID-wgdv-etcq-3qhw
59
vulnerability VCID-wmfv-vtnz-bkad
60
vulnerability VCID-xg74-3h1h-kqaf
61
vulnerability VCID-xsgv-a7bd-fqh8
62
vulnerability VCID-y8et-m846-2fc6
63
vulnerability VCID-yfuu-th6b-nba4
64
vulnerability VCID-z28b-1yrx-1bbn
65
vulnerability VCID-zca8-91sf-qkb4
66
vulnerability VCID-zckr-zxq4-jyev
67
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13-rc1
3
url pkg:composer/silverstripe/framework@3.1.13
purl pkg:composer/silverstripe/framework@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-4n9x-x4kd-jyfu
7
vulnerability VCID-554z-dzgc-2fgz
8
vulnerability VCID-7ek4-6y31-1qcs
9
vulnerability VCID-7hxq-cp29-r7dh
10
vulnerability VCID-8m1h-utem-jud3
11
vulnerability VCID-9hf4-djcv-67d7
12
vulnerability VCID-9y5u-qyzd-3ud9
13
vulnerability VCID-a7cf-kpzy-xudd
14
vulnerability VCID-at1s-qxsg-5yfs
15
vulnerability VCID-b6nm-cphj-wfgw
16
vulnerability VCID-b7xq-cz8w-ubgm
17
vulnerability VCID-b95v-49p7-fkas
18
vulnerability VCID-c437-w2zy-y7c9
19
vulnerability VCID-c6bz-jwhm-vkgp
20
vulnerability VCID-cmwn-cjff-9qau
21
vulnerability VCID-cqjc-tsv5-7beg
22
vulnerability VCID-ecy2-x3a9-qbbx
23
vulnerability VCID-evh4-xq48-4fa6
24
vulnerability VCID-ewg1-jqza-eyez
25
vulnerability VCID-ggbg-8mtc-hudc
26
vulnerability VCID-gkkp-9fm7-jfaz
27
vulnerability VCID-gnpw-s9hp-wqfs
28
vulnerability VCID-h4k6-fruf-uqff
29
vulnerability VCID-hcuz-gz3w-97ew
30
vulnerability VCID-heyh-s54f-8qap
31
vulnerability VCID-hnhv-qx7p-wqcw
32
vulnerability VCID-hnme-cqff-c7dp
33
vulnerability VCID-m5rs-qptc-vued
34
vulnerability VCID-mkex-ht2r-cucz
35
vulnerability VCID-n4fk-735u-2baw
36
vulnerability VCID-nu3h-nb1g-67bs
37
vulnerability VCID-nute-ndg2-z7ev
38
vulnerability VCID-pkve-yjqy-syc2
39
vulnerability VCID-q939-fszs-wfdp
40
vulnerability VCID-qdwg-f2bx-1bay
41
vulnerability VCID-qj5k-bcw3-5fgq
42
vulnerability VCID-qmfy-dxag-uuex
43
vulnerability VCID-r1eg-dwej-5kau
44
vulnerability VCID-rrmd-ud59-ffbp
45
vulnerability VCID-sfyd-qn7r-eqdg
46
vulnerability VCID-sg62-98yy-2kd7
47
vulnerability VCID-t81f-5b8z-hyht
48
vulnerability VCID-tv7h-289s-xub4
49
vulnerability VCID-twrb-6j51-aqcy
50
vulnerability VCID-umhc-fdfh-1fdx
51
vulnerability VCID-uy47-3s8a-hbdn
52
vulnerability VCID-vatm-1vbd-bfam
53
vulnerability VCID-wgdv-etcq-3qhw
54
vulnerability VCID-xg74-3h1h-kqaf
55
vulnerability VCID-xsgv-a7bd-fqh8
56
vulnerability VCID-y8et-m846-2fc6
57
vulnerability VCID-yfuu-th6b-nba4
58
vulnerability VCID-z28b-1yrx-1bbn
59
vulnerability VCID-zca8-91sf-qkb4
60
vulnerability VCID-zckr-zxq4-jyev
61
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13
aliases SS-2015-012-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-78b6-1v3w-qfc3
9
url VCID-7bpb-cgj3-b7ay
vulnerability_id VCID-7bpb-cgj3-b7ay
summary 
SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation
When a secure token parameter is provided to a SilverStripe site (such as isDev or flush) an empty token parameter can be provided in order to bypass normal authentication parameters.

For instance, http://www.mysite.com/?isDev=1&isDevtoken will force a site to dev mode. Alternatively, "flush" could also be used in succession to cause excessive load on a victim site and risk denial of service.

The fix in this case is to ensure that empty tokens fail the validation check.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-014-1.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-014-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/a978b891e13d22dddee7e0735a7032f13964447d
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/a978b891e13d22dddee7e0735a7032f13964447d
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/cb6717c3f85753bdc30087f280720c6d3f639ff3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/cb6717c3f85753bdc30087f280720c6d3f639ff3
4
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-014
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/software/download/security-releases/ss-2015-014
5
reference_url https://github.com/advisories/GHSA-g4hp-pfvf-vm5w
reference_id GHSA-g4hp-pfvf-vm5w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4hp-pfvf-vm5w
fixed_packages
0
url pkg:composer/silverstripe/framework@3.0.14
purl pkg:composer/silverstripe/framework@3.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4n9x-x4kd-jyfu
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-8m1h-utem-jud3
9
vulnerability VCID-96f5-5qyr-g7d5
10
vulnerability VCID-9hf4-djcv-67d7
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-at1s-qxsg-5yfs
14
vulnerability VCID-b6nm-cphj-wfgw
15
vulnerability VCID-b7xq-cz8w-ubgm
16
vulnerability VCID-b95v-49p7-fkas
17
vulnerability VCID-c437-w2zy-y7c9
18
vulnerability VCID-c6bz-jwhm-vkgp
19
vulnerability VCID-cmwn-cjff-9qau
20
vulnerability VCID-cqjc-tsv5-7beg
21
vulnerability VCID-ecy2-x3a9-qbbx
22
vulnerability VCID-evh4-xq48-4fa6
23
vulnerability VCID-ewg1-jqza-eyez
24
vulnerability VCID-ggbg-8mtc-hudc
25
vulnerability VCID-gkkp-9fm7-jfaz
26
vulnerability VCID-gnpw-s9hp-wqfs
27
vulnerability VCID-h4k6-fruf-uqff
28
vulnerability VCID-hcuz-gz3w-97ew
29
vulnerability VCID-heyh-s54f-8qap
30
vulnerability VCID-hnme-cqff-c7dp
31
vulnerability VCID-m5rs-qptc-vued
32
vulnerability VCID-mkex-ht2r-cucz
33
vulnerability VCID-n4fk-735u-2baw
34
vulnerability VCID-nu3h-nb1g-67bs
35
vulnerability VCID-nute-ndg2-z7ev
36
vulnerability VCID-pkve-yjqy-syc2
37
vulnerability VCID-q939-fszs-wfdp
38
vulnerability VCID-qdwg-f2bx-1bay
39
vulnerability VCID-qmfy-dxag-uuex
40
vulnerability VCID-r1eg-dwej-5kau
41
vulnerability VCID-sfyd-qn7r-eqdg
42
vulnerability VCID-sg62-98yy-2kd7
43
vulnerability VCID-t81f-5b8z-hyht
44
vulnerability VCID-tv7h-289s-xub4
45
vulnerability VCID-umhc-fdfh-1fdx
46
vulnerability VCID-uy47-3s8a-hbdn
47
vulnerability VCID-wgdv-etcq-3qhw
48
vulnerability VCID-xg74-3h1h-kqaf
49
vulnerability VCID-xsgv-a7bd-fqh8
50
vulnerability VCID-y8et-m846-2fc6
51
vulnerability VCID-yfuu-th6b-nba4
52
vulnerability VCID-z28b-1yrx-1bbn
53
vulnerability VCID-zca8-91sf-qkb4
54
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14
1
url pkg:composer/silverstripe/framework@3.1.13
purl pkg:composer/silverstripe/framework@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-4n9x-x4kd-jyfu
7
vulnerability VCID-554z-dzgc-2fgz
8
vulnerability VCID-7ek4-6y31-1qcs
9
vulnerability VCID-7hxq-cp29-r7dh
10
vulnerability VCID-8m1h-utem-jud3
11
vulnerability VCID-9hf4-djcv-67d7
12
vulnerability VCID-9y5u-qyzd-3ud9
13
vulnerability VCID-a7cf-kpzy-xudd
14
vulnerability VCID-at1s-qxsg-5yfs
15
vulnerability VCID-b6nm-cphj-wfgw
16
vulnerability VCID-b7xq-cz8w-ubgm
17
vulnerability VCID-b95v-49p7-fkas
18
vulnerability VCID-c437-w2zy-y7c9
19
vulnerability VCID-c6bz-jwhm-vkgp
20
vulnerability VCID-cmwn-cjff-9qau
21
vulnerability VCID-cqjc-tsv5-7beg
22
vulnerability VCID-ecy2-x3a9-qbbx
23
vulnerability VCID-evh4-xq48-4fa6
24
vulnerability VCID-ewg1-jqza-eyez
25
vulnerability VCID-ggbg-8mtc-hudc
26
vulnerability VCID-gkkp-9fm7-jfaz
27
vulnerability VCID-gnpw-s9hp-wqfs
28
vulnerability VCID-h4k6-fruf-uqff
29
vulnerability VCID-hcuz-gz3w-97ew
30
vulnerability VCID-heyh-s54f-8qap
31
vulnerability VCID-hnhv-qx7p-wqcw
32
vulnerability VCID-hnme-cqff-c7dp
33
vulnerability VCID-m5rs-qptc-vued
34
vulnerability VCID-mkex-ht2r-cucz
35
vulnerability VCID-n4fk-735u-2baw
36
vulnerability VCID-nu3h-nb1g-67bs
37
vulnerability VCID-nute-ndg2-z7ev
38
vulnerability VCID-pkve-yjqy-syc2
39
vulnerability VCID-q939-fszs-wfdp
40
vulnerability VCID-qdwg-f2bx-1bay
41
vulnerability VCID-qj5k-bcw3-5fgq
42
vulnerability VCID-qmfy-dxag-uuex
43
vulnerability VCID-r1eg-dwej-5kau
44
vulnerability VCID-rrmd-ud59-ffbp
45
vulnerability VCID-sfyd-qn7r-eqdg
46
vulnerability VCID-sg62-98yy-2kd7
47
vulnerability VCID-t81f-5b8z-hyht
48
vulnerability VCID-tv7h-289s-xub4
49
vulnerability VCID-twrb-6j51-aqcy
50
vulnerability VCID-umhc-fdfh-1fdx
51
vulnerability VCID-uy47-3s8a-hbdn
52
vulnerability VCID-vatm-1vbd-bfam
53
vulnerability VCID-wgdv-etcq-3qhw
54
vulnerability VCID-xg74-3h1h-kqaf
55
vulnerability VCID-xsgv-a7bd-fqh8
56
vulnerability VCID-y8et-m846-2fc6
57
vulnerability VCID-yfuu-th6b-nba4
58
vulnerability VCID-z28b-1yrx-1bbn
59
vulnerability VCID-zca8-91sf-qkb4
60
vulnerability VCID-zckr-zxq4-jyev
61
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13
aliases GHSA-g4hp-pfvf-vm5w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7bpb-cgj3-b7ay
10
url VCID-7ek4-6y31-1qcs
vulnerability_id VCID-7ek4-6y31-1qcs
summary 
Pre-existing alc_enc cookies log users in if remember me is disabled
If remember me is on and users log in with the box checked, if the developer then disabled "remember me" function, any pre-existing cookies will continue to authenticate users.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-014/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-014/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-9hf4-djcv-67d7
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-hnme-cqff-c7dp
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-pkve-yjqy-syc2
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-qj5k-bcw3-5fgq
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-xsgv-a7bd-fqh8
31
vulnerability VCID-y8et-m846-2fc6
32
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-9hf4-djcv-67d7
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-hnme-cqff-c7dp
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-pkve-yjqy-syc2
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-qj5k-bcw3-5fgq
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-9hf4-djcv-67d7
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-hnme-cqff-c7dp
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-pkve-yjqy-syc2
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-qj5k-bcw3-5fgq
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3j6f-5c14-uubc
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4qjj-wqg5-dbay
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9hf4-djcv-67d7
8
vulnerability VCID-9y5u-qyzd-3ud9
9
vulnerability VCID-a7cf-kpzy-xudd
10
vulnerability VCID-b6nm-cphj-wfgw
11
vulnerability VCID-b95v-49p7-fkas
12
vulnerability VCID-bwrh-updj-zkfs
13
vulnerability VCID-c6bz-jwhm-vkgp
14
vulnerability VCID-cmwn-cjff-9qau
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-njph-ua7r-auaq
21
vulnerability VCID-nute-ndg2-z7ev
22
vulnerability VCID-pkve-yjqy-syc2
23
vulnerability VCID-qdwg-f2bx-1bay
24
vulnerability VCID-qj5k-bcw3-5fgq
25
vulnerability VCID-qmfy-dxag-uuex
26
vulnerability VCID-r1eg-dwej-5kau
27
vulnerability VCID-sg62-98yy-2kd7
28
vulnerability VCID-t81f-5b8z-hyht
29
vulnerability VCID-tv7h-289s-xub4
30
vulnerability VCID-umhc-fdfh-1fdx
31
vulnerability VCID-uy47-3s8a-hbdn
32
vulnerability VCID-wgdv-etcq-3qhw
33
vulnerability VCID-xg74-3h1h-kqaf
34
vulnerability VCID-y8et-m846-2fc6
35
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-9y5u-qyzd-3ud9
3
vulnerability VCID-a7cf-kpzy-xudd
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-gnpw-s9hp-wqfs
7
vulnerability VCID-hcuz-gz3w-97ew
8
vulnerability VCID-mkex-ht2r-cucz
9
vulnerability VCID-n4fk-735u-2baw
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qmfy-dxag-uuex
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-tv7h-289s-xub4
14
vulnerability VCID-uy47-3s8a-hbdn
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xg74-3h1h-kqaf
17
vulnerability VCID-y8et-m846-2fc6
18
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-014
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ek4-6y31-1qcs
11
url VCID-7hxq-cp29-r7dh
vulnerability_id VCID-7hxq-cp29-r7dh
summary 
Cross-site Scripting
In SilverStripe asset-admin, there is XSS in file titles managed through the CMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14272
reference_id
reference_type
scores
0
value 0.00347
scoring_system epss
scoring_elements 0.57587
published_at 2026-06-05T12:55:00Z
1
value 0.00347
scoring_system epss
scoring_elements 0.57535
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14272
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml
3
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
4
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14272
reference_id CVE-2019-14272
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14272
7
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-14272
reference_id CVE-2019-14272
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-14272
fixed_packages
0
url pkg:composer/silverstripe/framework@4.0.1-rc1
purl pkg:composer/silverstripe/framework@4.0.1-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-37d1-tt74-yyfm
4
vulnerability VCID-7gak-15m5-j3f5
5
vulnerability VCID-7w7t-3783-1kbs
6
vulnerability VCID-9t4k-8hsz-bfdw
7
vulnerability VCID-9y5u-qyzd-3ud9
8
vulnerability VCID-a1p9-cwzb-kbgb
9
vulnerability VCID-a7cf-kpzy-xudd
10
vulnerability VCID-aj7q-x4hc-xbdm
11
vulnerability VCID-aygc-4nhm-n7eq
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-cmwn-cjff-9qau
15
vulnerability VCID-fm87-te3v-pkc8
16
vulnerability VCID-fmfu-81xu-pfdy
17
vulnerability VCID-g7kn-gn2m-myc3
18
vulnerability VCID-gnpw-s9hp-wqfs
19
vulnerability VCID-h9g1-7wez-8qft
20
vulnerability VCID-hcuz-gz3w-97ew
21
vulnerability VCID-hq36-9ntc-akez
22
vulnerability VCID-m3us-9sft-wbh8
23
vulnerability VCID-n4fk-735u-2baw
24
vulnerability VCID-nute-ndg2-z7ev
25
vulnerability VCID-nzcm-xbxx-wyf9
26
vulnerability VCID-p2m9-rejx-e3e9
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-qmfy-dxag-uuex
29
vulnerability VCID-r1eg-dwej-5kau
30
vulnerability VCID-ru3j-21j8-ayhm
31
vulnerability VCID-tsdn-bu3d-ubaf
32
vulnerability VCID-tv7h-289s-xub4
33
vulnerability VCID-uy47-3s8a-hbdn
34
vulnerability VCID-wgdv-etcq-3qhw
35
vulnerability VCID-xg74-3h1h-kqaf
36
vulnerability VCID-xm4q-u96p-57dd
37
vulnerability VCID-y8et-m846-2fc6
38
vulnerability VCID-ytbc-8mhd-b3fc
39
vulnerability VCID-yxuh-bxh5-z3cw
40
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1
1
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-7gak-15m5-j3f5
4
vulnerability VCID-7w7t-3783-1kbs
5
vulnerability VCID-9t4k-8hsz-bfdw
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-aj7q-x4hc-xbdm
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-ca4q-xd4v-vqfe
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-fmfu-81xu-pfdy
13
vulnerability VCID-g7kn-gn2m-myc3
14
vulnerability VCID-gnpw-s9hp-wqfs
15
vulnerability VCID-h9g1-7wez-8qft
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-hq36-9ntc-akez
18
vulnerability VCID-m3us-9sft-wbh8
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-nzcm-xbxx-wyf9
22
vulnerability VCID-p2m9-rejx-e3e9
23
vulnerability VCID-pkve-yjqy-syc2
24
vulnerability VCID-qmfy-dxag-uuex
25
vulnerability VCID-r1eg-dwej-5kau
26
vulnerability VCID-ru3j-21j8-ayhm
27
vulnerability VCID-tsdn-bu3d-ubaf
28
vulnerability VCID-tv7h-289s-xub4
29
vulnerability VCID-uy47-3s8a-hbdn
30
vulnerability VCID-wgdv-etcq-3qhw
31
vulnerability VCID-xg74-3h1h-kqaf
32
vulnerability VCID-xm4q-u96p-57dd
33
vulnerability VCID-y8et-m846-2fc6
34
vulnerability VCID-ytbc-8mhd-b3fc
35
vulnerability VCID-yxuh-bxh5-z3cw
36
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
2
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-n4fk-735u-2baw
12
vulnerability VCID-pkve-yjqy-syc2
13
vulnerability VCID-qmfy-dxag-uuex
14
vulnerability VCID-ru3j-21j8-ayhm
15
vulnerability VCID-tv7h-289s-xub4
16
vulnerability VCID-uy47-3s8a-hbdn
17
vulnerability VCID-wgdv-etcq-3qhw
18
vulnerability VCID-xm4q-u96p-57dd
19
vulnerability VCID-ytbc-8mhd-b3fc
20
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
3
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-5dt7-nc8t-nqgh
3
vulnerability VCID-7gak-15m5-j3f5
4
vulnerability VCID-7w7t-3783-1kbs
5
vulnerability VCID-9t4k-8hsz-bfdw
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-ca4q-xd4v-vqfe
9
vulnerability VCID-fmfu-81xu-pfdy
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-hcuz-gz3w-97ew
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-pkve-yjqy-syc2
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-ru3j-21j8-ayhm
16
vulnerability VCID-tv7h-289s-xub4
17
vulnerability VCID-uy47-3s8a-hbdn
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xm4q-u96p-57dd
20
vulnerability VCID-ytbc-8mhd-b3fc
21
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-14272, GHSA-jgw2-f5mx-rg7h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7hxq-cp29-r7dh
12
url VCID-7u7w-z8e3-aygf
vulnerability_id VCID-7u7w-z8e3-aygf
summary 
Silverstripe IE requests not properly behaving with rewritehashlinks
Non IE browsers don’t appear to be affected, but I haven’t tested a wide range of browsers to be sure

Requests that come through from IE do NOT appear to encode all entities in the URL string, meaning they are inserted into output content directly by SSViewer::process() when rewriting hashlinks, as it directly outputs $_SERVER[‘REQUEST_URI’]

**Example IE8 request**
127.0.0.1 - - [18/Jun/2014:14:13:42 +1000] “GET /site/cars/brands/toyota?one=1\”onmouseover=\”alert(‘things’);\” HTTP/1.1” 200

**Example FF request**
127.0.0.1 - - [18/Jun/2014:14:14:22 +1000] “GET /site/cars/brands/toyota?one=1\%22onmouseover=\%22alert(%27things%27);\%22 HTTP/1.1” 200

This causes any hash anchor to have the JS code inserted into the page as-is.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2014-015-1.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2014-015-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/604c32871202064a4aa12c3b3fd58140231685e5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/604c32871202064a4aa12c3b3fd58140231685e5
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/bdef4fc7a548c7c243ff86f2db7c16f301a6f120
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/bdef4fc7a548c7c243ff86f2db7c16f301a6f120
4
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks
5
reference_url https://github.com/advisories/GHSA-5f5v-5c3v-gw5v
reference_id GHSA-5f5v-5c3v-gw5v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5f5v-5c3v-gw5v
fixed_packages
0
url pkg:composer/silverstripe/framework@3.0.13
purl pkg:composer/silverstripe/framework@3.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4n9x-x4kd-jyfu
6
vulnerability VCID-5ztp-wmty-aybx
7
vulnerability VCID-78b6-1v3w-qfc3
8
vulnerability VCID-7bpb-cgj3-b7ay
9
vulnerability VCID-7ek4-6y31-1qcs
10
vulnerability VCID-7hxq-cp29-r7dh
11
vulnerability VCID-8m1h-utem-jud3
12
vulnerability VCID-96f5-5qyr-g7d5
13
vulnerability VCID-9hf4-djcv-67d7
14
vulnerability VCID-9y5u-qyzd-3ud9
15
vulnerability VCID-a7cf-kpzy-xudd
16
vulnerability VCID-at1s-qxsg-5yfs
17
vulnerability VCID-b6nm-cphj-wfgw
18
vulnerability VCID-b7xq-cz8w-ubgm
19
vulnerability VCID-b95v-49p7-fkas
20
vulnerability VCID-c437-w2zy-y7c9
21
vulnerability VCID-c6bz-jwhm-vkgp
22
vulnerability VCID-cmwn-cjff-9qau
23
vulnerability VCID-cqjc-tsv5-7beg
24
vulnerability VCID-ecy2-x3a9-qbbx
25
vulnerability VCID-evh4-xq48-4fa6
26
vulnerability VCID-ewg1-jqza-eyez
27
vulnerability VCID-ggbg-8mtc-hudc
28
vulnerability VCID-gkkp-9fm7-jfaz
29
vulnerability VCID-gnpw-s9hp-wqfs
30
vulnerability VCID-h4k6-fruf-uqff
31
vulnerability VCID-hcuz-gz3w-97ew
32
vulnerability VCID-heyh-s54f-8qap
33
vulnerability VCID-hnme-cqff-c7dp
34
vulnerability VCID-m5rs-qptc-vued
35
vulnerability VCID-mkex-ht2r-cucz
36
vulnerability VCID-n4fk-735u-2baw
37
vulnerability VCID-nu3h-nb1g-67bs
38
vulnerability VCID-nute-ndg2-z7ev
39
vulnerability VCID-pkve-yjqy-syc2
40
vulnerability VCID-q939-fszs-wfdp
41
vulnerability VCID-qdwg-f2bx-1bay
42
vulnerability VCID-qmfy-dxag-uuex
43
vulnerability VCID-r1eg-dwej-5kau
44
vulnerability VCID-sfyd-qn7r-eqdg
45
vulnerability VCID-sg62-98yy-2kd7
46
vulnerability VCID-t81f-5b8z-hyht
47
vulnerability VCID-tv7h-289s-xub4
48
vulnerability VCID-umhc-fdfh-1fdx
49
vulnerability VCID-uy47-3s8a-hbdn
50
vulnerability VCID-uyxp-7fh1-77cg
51
vulnerability VCID-wgdv-etcq-3qhw
52
vulnerability VCID-wmfv-vtnz-bkad
53
vulnerability VCID-xg74-3h1h-kqaf
54
vulnerability VCID-xsgv-a7bd-fqh8
55
vulnerability VCID-y8et-m846-2fc6
56
vulnerability VCID-yfuu-th6b-nba4
57
vulnerability VCID-z28b-1yrx-1bbn
58
vulnerability VCID-zca8-91sf-qkb4
59
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.13
1
url pkg:composer/silverstripe/framework@3.1.12
purl pkg:composer/silverstripe/framework@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-4n9x-x4kd-jyfu
7
vulnerability VCID-554z-dzgc-2fgz
8
vulnerability VCID-5ztp-wmty-aybx
9
vulnerability VCID-78b6-1v3w-qfc3
10
vulnerability VCID-7bpb-cgj3-b7ay
11
vulnerability VCID-7ek4-6y31-1qcs
12
vulnerability VCID-7hxq-cp29-r7dh
13
vulnerability VCID-8m1h-utem-jud3
14
vulnerability VCID-9hf4-djcv-67d7
15
vulnerability VCID-9y5u-qyzd-3ud9
16
vulnerability VCID-a7cf-kpzy-xudd
17
vulnerability VCID-at1s-qxsg-5yfs
18
vulnerability VCID-b6nm-cphj-wfgw
19
vulnerability VCID-b7xq-cz8w-ubgm
20
vulnerability VCID-b95v-49p7-fkas
21
vulnerability VCID-c437-w2zy-y7c9
22
vulnerability VCID-c6bz-jwhm-vkgp
23
vulnerability VCID-cmwn-cjff-9qau
24
vulnerability VCID-cqjc-tsv5-7beg
25
vulnerability VCID-ecy2-x3a9-qbbx
26
vulnerability VCID-evh4-xq48-4fa6
27
vulnerability VCID-ewg1-jqza-eyez
28
vulnerability VCID-ggbg-8mtc-hudc
29
vulnerability VCID-gkkp-9fm7-jfaz
30
vulnerability VCID-gnpw-s9hp-wqfs
31
vulnerability VCID-h4k6-fruf-uqff
32
vulnerability VCID-hcuz-gz3w-97ew
33
vulnerability VCID-heyh-s54f-8qap
34
vulnerability VCID-hnhv-qx7p-wqcw
35
vulnerability VCID-hnme-cqff-c7dp
36
vulnerability VCID-m5rs-qptc-vued
37
vulnerability VCID-mkex-ht2r-cucz
38
vulnerability VCID-n4fk-735u-2baw
39
vulnerability VCID-nu3h-nb1g-67bs
40
vulnerability VCID-nute-ndg2-z7ev
41
vulnerability VCID-pkve-yjqy-syc2
42
vulnerability VCID-puvt-j32v-77eh
43
vulnerability VCID-q939-fszs-wfdp
44
vulnerability VCID-qdwg-f2bx-1bay
45
vulnerability VCID-qj5k-bcw3-5fgq
46
vulnerability VCID-qmfy-dxag-uuex
47
vulnerability VCID-r1eg-dwej-5kau
48
vulnerability VCID-rrmd-ud59-ffbp
49
vulnerability VCID-sfyd-qn7r-eqdg
50
vulnerability VCID-sg62-98yy-2kd7
51
vulnerability VCID-t81f-5b8z-hyht
52
vulnerability VCID-tv7h-289s-xub4
53
vulnerability VCID-twrb-6j51-aqcy
54
vulnerability VCID-ue4x-s1c4-zkcz
55
vulnerability VCID-umhc-fdfh-1fdx
56
vulnerability VCID-uy47-3s8a-hbdn
57
vulnerability VCID-uyxp-7fh1-77cg
58
vulnerability VCID-vatm-1vbd-bfam
59
vulnerability VCID-wgdv-etcq-3qhw
60
vulnerability VCID-wmfv-vtnz-bkad
61
vulnerability VCID-xg74-3h1h-kqaf
62
vulnerability VCID-xsgv-a7bd-fqh8
63
vulnerability VCID-y8et-m846-2fc6
64
vulnerability VCID-yfuu-th6b-nba4
65
vulnerability VCID-z28b-1yrx-1bbn
66
vulnerability VCID-zca8-91sf-qkb4
67
vulnerability VCID-zckr-zxq4-jyev
68
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12
aliases GHSA-5f5v-5c3v-gw5v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7u7w-z8e3-aygf
13
url VCID-8m1h-utem-jud3
vulnerability_id VCID-8m1h-utem-jud3
summary 
Silverstripe XSS in dev/build returnURL Parameter
A XSS risk exists in the returnURL parameter passed to dev/build. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site.

This issue is resolved in framework 3.1.14 stable release.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-015-1.yaml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-015-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/751d77386c3c6e354b521fa61ff142f95895cca8
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/751d77386c3c6e354b521fa61ff142f95895cca8
3
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-015
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/software/download/security-releases/ss-2015-015
4
reference_url https://github.com/advisories/GHSA-hq4p-5mpr-jj9m
reference_id GHSA-hq4p-5mpr-jj9m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hq4p-5mpr-jj9m
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.14
purl pkg:composer/silverstripe/framework@3.1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-4n9x-x4kd-jyfu
7
vulnerability VCID-7ek4-6y31-1qcs
8
vulnerability VCID-7hxq-cp29-r7dh
9
vulnerability VCID-9hf4-djcv-67d7
10
vulnerability VCID-9y5u-qyzd-3ud9
11
vulnerability VCID-a7cf-kpzy-xudd
12
vulnerability VCID-at1s-qxsg-5yfs
13
vulnerability VCID-b6nm-cphj-wfgw
14
vulnerability VCID-b95v-49p7-fkas
15
vulnerability VCID-c437-w2zy-y7c9
16
vulnerability VCID-c6bz-jwhm-vkgp
17
vulnerability VCID-cmwn-cjff-9qau
18
vulnerability VCID-cqjc-tsv5-7beg
19
vulnerability VCID-ecy2-x3a9-qbbx
20
vulnerability VCID-evh4-xq48-4fa6
21
vulnerability VCID-ewg1-jqza-eyez
22
vulnerability VCID-ggbg-8mtc-hudc
23
vulnerability VCID-gkkp-9fm7-jfaz
24
vulnerability VCID-gnpw-s9hp-wqfs
25
vulnerability VCID-h4k6-fruf-uqff
26
vulnerability VCID-hcuz-gz3w-97ew
27
vulnerability VCID-heyh-s54f-8qap
28
vulnerability VCID-hnhv-qx7p-wqcw
29
vulnerability VCID-hnme-cqff-c7dp
30
vulnerability VCID-m5rs-qptc-vued
31
vulnerability VCID-mkex-ht2r-cucz
32
vulnerability VCID-n4fk-735u-2baw
33
vulnerability VCID-nu3h-nb1g-67bs
34
vulnerability VCID-nute-ndg2-z7ev
35
vulnerability VCID-pkve-yjqy-syc2
36
vulnerability VCID-q939-fszs-wfdp
37
vulnerability VCID-qdwg-f2bx-1bay
38
vulnerability VCID-qj5k-bcw3-5fgq
39
vulnerability VCID-qmfy-dxag-uuex
40
vulnerability VCID-r1eg-dwej-5kau
41
vulnerability VCID-rrmd-ud59-ffbp
42
vulnerability VCID-sg62-98yy-2kd7
43
vulnerability VCID-t81f-5b8z-hyht
44
vulnerability VCID-tv7h-289s-xub4
45
vulnerability VCID-umhc-fdfh-1fdx
46
vulnerability VCID-uy47-3s8a-hbdn
47
vulnerability VCID-vatm-1vbd-bfam
48
vulnerability VCID-wgdv-etcq-3qhw
49
vulnerability VCID-xg74-3h1h-kqaf
50
vulnerability VCID-xsgv-a7bd-fqh8
51
vulnerability VCID-y8et-m846-2fc6
52
vulnerability VCID-yfuu-th6b-nba4
53
vulnerability VCID-z28b-1yrx-1bbn
54
vulnerability VCID-zca8-91sf-qkb4
55
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14
aliases GHSA-hq4p-5mpr-jj9m
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8m1h-utem-jud3
14
url VCID-8xwp-xd3k-fqaz
vulnerability_id VCID-8xwp-xd3k-fqaz
summary 
IE requests issue
IE requests not properly behaving with `rewritehashlinks`.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.0.13
purl pkg:composer/silverstripe/framework@3.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4n9x-x4kd-jyfu
6
vulnerability VCID-5ztp-wmty-aybx
7
vulnerability VCID-78b6-1v3w-qfc3
8
vulnerability VCID-7bpb-cgj3-b7ay
9
vulnerability VCID-7ek4-6y31-1qcs
10
vulnerability VCID-7hxq-cp29-r7dh
11
vulnerability VCID-8m1h-utem-jud3
12
vulnerability VCID-96f5-5qyr-g7d5
13
vulnerability VCID-9hf4-djcv-67d7
14
vulnerability VCID-9y5u-qyzd-3ud9
15
vulnerability VCID-a7cf-kpzy-xudd
16
vulnerability VCID-at1s-qxsg-5yfs
17
vulnerability VCID-b6nm-cphj-wfgw
18
vulnerability VCID-b7xq-cz8w-ubgm
19
vulnerability VCID-b95v-49p7-fkas
20
vulnerability VCID-c437-w2zy-y7c9
21
vulnerability VCID-c6bz-jwhm-vkgp
22
vulnerability VCID-cmwn-cjff-9qau
23
vulnerability VCID-cqjc-tsv5-7beg
24
vulnerability VCID-ecy2-x3a9-qbbx
25
vulnerability VCID-evh4-xq48-4fa6
26
vulnerability VCID-ewg1-jqza-eyez
27
vulnerability VCID-ggbg-8mtc-hudc
28
vulnerability VCID-gkkp-9fm7-jfaz
29
vulnerability VCID-gnpw-s9hp-wqfs
30
vulnerability VCID-h4k6-fruf-uqff
31
vulnerability VCID-hcuz-gz3w-97ew
32
vulnerability VCID-heyh-s54f-8qap
33
vulnerability VCID-hnme-cqff-c7dp
34
vulnerability VCID-m5rs-qptc-vued
35
vulnerability VCID-mkex-ht2r-cucz
36
vulnerability VCID-n4fk-735u-2baw
37
vulnerability VCID-nu3h-nb1g-67bs
38
vulnerability VCID-nute-ndg2-z7ev
39
vulnerability VCID-pkve-yjqy-syc2
40
vulnerability VCID-q939-fszs-wfdp
41
vulnerability VCID-qdwg-f2bx-1bay
42
vulnerability VCID-qmfy-dxag-uuex
43
vulnerability VCID-r1eg-dwej-5kau
44
vulnerability VCID-sfyd-qn7r-eqdg
45
vulnerability VCID-sg62-98yy-2kd7
46
vulnerability VCID-t81f-5b8z-hyht
47
vulnerability VCID-tv7h-289s-xub4
48
vulnerability VCID-umhc-fdfh-1fdx
49
vulnerability VCID-uy47-3s8a-hbdn
50
vulnerability VCID-uyxp-7fh1-77cg
51
vulnerability VCID-wgdv-etcq-3qhw
52
vulnerability VCID-wmfv-vtnz-bkad
53
vulnerability VCID-xg74-3h1h-kqaf
54
vulnerability VCID-xsgv-a7bd-fqh8
55
vulnerability VCID-y8et-m846-2fc6
56
vulnerability VCID-yfuu-th6b-nba4
57
vulnerability VCID-z28b-1yrx-1bbn
58
vulnerability VCID-zca8-91sf-qkb4
59
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.13
1
url pkg:composer/silverstripe/framework@3.1.0-beta1
purl pkg:composer/silverstripe/framework@3.1.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4n9x-x4kd-jyfu
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-8m1h-utem-jud3
9
vulnerability VCID-96f5-5qyr-g7d5
10
vulnerability VCID-9hf4-djcv-67d7
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-at1s-qxsg-5yfs
14
vulnerability VCID-b6nm-cphj-wfgw
15
vulnerability VCID-b7xq-cz8w-ubgm
16
vulnerability VCID-b95v-49p7-fkas
17
vulnerability VCID-c437-w2zy-y7c9
18
vulnerability VCID-c6bz-jwhm-vkgp
19
vulnerability VCID-cmwn-cjff-9qau
20
vulnerability VCID-cqjc-tsv5-7beg
21
vulnerability VCID-ecy2-x3a9-qbbx
22
vulnerability VCID-evh4-xq48-4fa6
23
vulnerability VCID-ewg1-jqza-eyez
24
vulnerability VCID-ggbg-8mtc-hudc
25
vulnerability VCID-gkkp-9fm7-jfaz
26
vulnerability VCID-gnpw-s9hp-wqfs
27
vulnerability VCID-h4k6-fruf-uqff
28
vulnerability VCID-hcuz-gz3w-97ew
29
vulnerability VCID-heyh-s54f-8qap
30
vulnerability VCID-hnme-cqff-c7dp
31
vulnerability VCID-m5rs-qptc-vued
32
vulnerability VCID-mkex-ht2r-cucz
33
vulnerability VCID-n4fk-735u-2baw
34
vulnerability VCID-nu3h-nb1g-67bs
35
vulnerability VCID-nute-ndg2-z7ev
36
vulnerability VCID-pkve-yjqy-syc2
37
vulnerability VCID-q939-fszs-wfdp
38
vulnerability VCID-qdwg-f2bx-1bay
39
vulnerability VCID-qmfy-dxag-uuex
40
vulnerability VCID-r1eg-dwej-5kau
41
vulnerability VCID-sfyd-qn7r-eqdg
42
vulnerability VCID-sg62-98yy-2kd7
43
vulnerability VCID-t81f-5b8z-hyht
44
vulnerability VCID-tv7h-289s-xub4
45
vulnerability VCID-umhc-fdfh-1fdx
46
vulnerability VCID-uy47-3s8a-hbdn
47
vulnerability VCID-wgdv-etcq-3qhw
48
vulnerability VCID-xg74-3h1h-kqaf
49
vulnerability VCID-xsgv-a7bd-fqh8
50
vulnerability VCID-y8et-m846-2fc6
51
vulnerability VCID-yfuu-th6b-nba4
52
vulnerability VCID-z28b-1yrx-1bbn
53
vulnerability VCID-zca8-91sf-qkb4
54
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1
2
url pkg:composer/silverstripe/framework@3.1.12
purl pkg:composer/silverstripe/framework@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-4n9x-x4kd-jyfu
7
vulnerability VCID-554z-dzgc-2fgz
8
vulnerability VCID-5ztp-wmty-aybx
9
vulnerability VCID-78b6-1v3w-qfc3
10
vulnerability VCID-7bpb-cgj3-b7ay
11
vulnerability VCID-7ek4-6y31-1qcs
12
vulnerability VCID-7hxq-cp29-r7dh
13
vulnerability VCID-8m1h-utem-jud3
14
vulnerability VCID-9hf4-djcv-67d7
15
vulnerability VCID-9y5u-qyzd-3ud9
16
vulnerability VCID-a7cf-kpzy-xudd
17
vulnerability VCID-at1s-qxsg-5yfs
18
vulnerability VCID-b6nm-cphj-wfgw
19
vulnerability VCID-b7xq-cz8w-ubgm
20
vulnerability VCID-b95v-49p7-fkas
21
vulnerability VCID-c437-w2zy-y7c9
22
vulnerability VCID-c6bz-jwhm-vkgp
23
vulnerability VCID-cmwn-cjff-9qau
24
vulnerability VCID-cqjc-tsv5-7beg
25
vulnerability VCID-ecy2-x3a9-qbbx
26
vulnerability VCID-evh4-xq48-4fa6
27
vulnerability VCID-ewg1-jqza-eyez
28
vulnerability VCID-ggbg-8mtc-hudc
29
vulnerability VCID-gkkp-9fm7-jfaz
30
vulnerability VCID-gnpw-s9hp-wqfs
31
vulnerability VCID-h4k6-fruf-uqff
32
vulnerability VCID-hcuz-gz3w-97ew
33
vulnerability VCID-heyh-s54f-8qap
34
vulnerability VCID-hnhv-qx7p-wqcw
35
vulnerability VCID-hnme-cqff-c7dp
36
vulnerability VCID-m5rs-qptc-vued
37
vulnerability VCID-mkex-ht2r-cucz
38
vulnerability VCID-n4fk-735u-2baw
39
vulnerability VCID-nu3h-nb1g-67bs
40
vulnerability VCID-nute-ndg2-z7ev
41
vulnerability VCID-pkve-yjqy-syc2
42
vulnerability VCID-puvt-j32v-77eh
43
vulnerability VCID-q939-fszs-wfdp
44
vulnerability VCID-qdwg-f2bx-1bay
45
vulnerability VCID-qj5k-bcw3-5fgq
46
vulnerability VCID-qmfy-dxag-uuex
47
vulnerability VCID-r1eg-dwej-5kau
48
vulnerability VCID-rrmd-ud59-ffbp
49
vulnerability VCID-sfyd-qn7r-eqdg
50
vulnerability VCID-sg62-98yy-2kd7
51
vulnerability VCID-t81f-5b8z-hyht
52
vulnerability VCID-tv7h-289s-xub4
53
vulnerability VCID-twrb-6j51-aqcy
54
vulnerability VCID-ue4x-s1c4-zkcz
55
vulnerability VCID-umhc-fdfh-1fdx
56
vulnerability VCID-uy47-3s8a-hbdn
57
vulnerability VCID-uyxp-7fh1-77cg
58
vulnerability VCID-vatm-1vbd-bfam
59
vulnerability VCID-wgdv-etcq-3qhw
60
vulnerability VCID-wmfv-vtnz-bkad
61
vulnerability VCID-xg74-3h1h-kqaf
62
vulnerability VCID-xsgv-a7bd-fqh8
63
vulnerability VCID-y8et-m846-2fc6
64
vulnerability VCID-yfuu-th6b-nba4
65
vulnerability VCID-z28b-1yrx-1bbn
66
vulnerability VCID-zca8-91sf-qkb4
67
vulnerability VCID-zckr-zxq4-jyev
68
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12
3
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9y5u-qyzd-3ud9
1
vulnerability VCID-a7cf-kpzy-xudd
2
vulnerability VCID-gnpw-s9hp-wqfs
3
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2014-015-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8xwp-xd3k-fqaz
15
url VCID-96f5-5qyr-g7d5
vulnerability_id VCID-96f5-5qyr-g7d5
summary 
SilverStripe framework XML Quadratic Blowup Attack
A low level vulnerability has been found in the SilverStripe framework, where the Quadratic Blowup Attack could potentially be exploited to affect the performance of a site.

See http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/ for a writeup.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2014-017-1.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2014-017-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/7f983c2bae1dc78ca7217e9af364b2fb71dcefe8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/7f983c2bae1dc78ca7217e9af364b2fb71dcefe8
3
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack
4
reference_url https://github.com/advisories/GHSA-g43w-98wp-m694
reference_id GHSA-g43w-98wp-m694
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g43w-98wp-m694
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.12
purl pkg:composer/silverstripe/framework@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-4n9x-x4kd-jyfu
7
vulnerability VCID-554z-dzgc-2fgz
8
vulnerability VCID-5ztp-wmty-aybx
9
vulnerability VCID-78b6-1v3w-qfc3
10
vulnerability VCID-7bpb-cgj3-b7ay
11
vulnerability VCID-7ek4-6y31-1qcs
12
vulnerability VCID-7hxq-cp29-r7dh
13
vulnerability VCID-8m1h-utem-jud3
14
vulnerability VCID-9hf4-djcv-67d7
15
vulnerability VCID-9y5u-qyzd-3ud9
16
vulnerability VCID-a7cf-kpzy-xudd
17
vulnerability VCID-at1s-qxsg-5yfs
18
vulnerability VCID-b6nm-cphj-wfgw
19
vulnerability VCID-b7xq-cz8w-ubgm
20
vulnerability VCID-b95v-49p7-fkas
21
vulnerability VCID-c437-w2zy-y7c9
22
vulnerability VCID-c6bz-jwhm-vkgp
23
vulnerability VCID-cmwn-cjff-9qau
24
vulnerability VCID-cqjc-tsv5-7beg
25
vulnerability VCID-ecy2-x3a9-qbbx
26
vulnerability VCID-evh4-xq48-4fa6
27
vulnerability VCID-ewg1-jqza-eyez
28
vulnerability VCID-ggbg-8mtc-hudc
29
vulnerability VCID-gkkp-9fm7-jfaz
30
vulnerability VCID-gnpw-s9hp-wqfs
31
vulnerability VCID-h4k6-fruf-uqff
32
vulnerability VCID-hcuz-gz3w-97ew
33
vulnerability VCID-heyh-s54f-8qap
34
vulnerability VCID-hnhv-qx7p-wqcw
35
vulnerability VCID-hnme-cqff-c7dp
36
vulnerability VCID-m5rs-qptc-vued
37
vulnerability VCID-mkex-ht2r-cucz
38
vulnerability VCID-n4fk-735u-2baw
39
vulnerability VCID-nu3h-nb1g-67bs
40
vulnerability VCID-nute-ndg2-z7ev
41
vulnerability VCID-pkve-yjqy-syc2
42
vulnerability VCID-puvt-j32v-77eh
43
vulnerability VCID-q939-fszs-wfdp
44
vulnerability VCID-qdwg-f2bx-1bay
45
vulnerability VCID-qj5k-bcw3-5fgq
46
vulnerability VCID-qmfy-dxag-uuex
47
vulnerability VCID-r1eg-dwej-5kau
48
vulnerability VCID-rrmd-ud59-ffbp
49
vulnerability VCID-sfyd-qn7r-eqdg
50
vulnerability VCID-sg62-98yy-2kd7
51
vulnerability VCID-t81f-5b8z-hyht
52
vulnerability VCID-tv7h-289s-xub4
53
vulnerability VCID-twrb-6j51-aqcy
54
vulnerability VCID-ue4x-s1c4-zkcz
55
vulnerability VCID-umhc-fdfh-1fdx
56
vulnerability VCID-uy47-3s8a-hbdn
57
vulnerability VCID-uyxp-7fh1-77cg
58
vulnerability VCID-vatm-1vbd-bfam
59
vulnerability VCID-wgdv-etcq-3qhw
60
vulnerability VCID-wmfv-vtnz-bkad
61
vulnerability VCID-xg74-3h1h-kqaf
62
vulnerability VCID-xsgv-a7bd-fqh8
63
vulnerability VCID-y8et-m846-2fc6
64
vulnerability VCID-yfuu-th6b-nba4
65
vulnerability VCID-z28b-1yrx-1bbn
66
vulnerability VCID-zca8-91sf-qkb4
67
vulnerability VCID-zckr-zxq4-jyev
68
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12
aliases GHSA-g43w-98wp-m694
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-96f5-5qyr-g7d5
16
url VCID-9hf4-djcv-67d7
vulnerability_id VCID-9hf4-djcv-67d7
summary 
silverstripe/framework ReadOnly transformation for formfields exploitable
Form fields returning isReadonly() as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeField_Readonly. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default.

SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and doesn't overwrite data on form construction.

Readonly and disabled form fields are already filtered out in Form->saveInto(), so maliciously submitted data on these fields doesn't make it into the database unless you are accessing form values directly in your saving logic.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-010-1.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-010-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/8336cb96b9600dacafa8a525c92662345b52cfae
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/8336cb96b9600dacafa8a525c92662345b52cfae
3
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-010
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2016-010
4
reference_url https://github.com/advisories/GHSA-97jm-g33h-f46g
reference_id GHSA-97jm-g33h-f46g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-97jm-g33h-f46g
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.21
purl pkg:composer/silverstripe/framework@3.1.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-9y5u-qyzd-3ud9
5
vulnerability VCID-a7cf-kpzy-xudd
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c6bz-jwhm-vkgp
9
vulnerability VCID-cmwn-cjff-9qau
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-hcuz-gz3w-97ew
12
vulnerability VCID-mkex-ht2r-cucz
13
vulnerability VCID-n4fk-735u-2baw
14
vulnerability VCID-nute-ndg2-z7ev
15
vulnerability VCID-pkve-yjqy-syc2
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-qmfy-dxag-uuex
18
vulnerability VCID-r1eg-dwej-5kau
19
vulnerability VCID-sg62-98yy-2kd7
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-tv7h-289s-xub4
22
vulnerability VCID-umhc-fdfh-1fdx
23
vulnerability VCID-uy47-3s8a-hbdn
24
vulnerability VCID-wgdv-etcq-3qhw
25
vulnerability VCID-xg74-3h1h-kqaf
26
vulnerability VCID-xsgv-a7bd-fqh8
27
vulnerability VCID-y8et-m846-2fc6
28
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21
1
url pkg:composer/silverstripe/framework@3.2.6
purl pkg:composer/silverstripe/framework@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-9y5u-qyzd-3ud9
5
vulnerability VCID-a7cf-kpzy-xudd
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c6bz-jwhm-vkgp
9
vulnerability VCID-cmwn-cjff-9qau
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-hcuz-gz3w-97ew
12
vulnerability VCID-mkex-ht2r-cucz
13
vulnerability VCID-n4fk-735u-2baw
14
vulnerability VCID-nute-ndg2-z7ev
15
vulnerability VCID-pkve-yjqy-syc2
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-qmfy-dxag-uuex
18
vulnerability VCID-r1eg-dwej-5kau
19
vulnerability VCID-sg62-98yy-2kd7
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-tv7h-289s-xub4
22
vulnerability VCID-umhc-fdfh-1fdx
23
vulnerability VCID-uy47-3s8a-hbdn
24
vulnerability VCID-wgdv-etcq-3qhw
25
vulnerability VCID-xg74-3h1h-kqaf
26
vulnerability VCID-y8et-m846-2fc6
27
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6
2
url pkg:composer/silverstripe/framework@3.3.4
purl pkg:composer/silverstripe/framework@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-9y5u-qyzd-3ud9
5
vulnerability VCID-a7cf-kpzy-xudd
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c6bz-jwhm-vkgp
9
vulnerability VCID-cmwn-cjff-9qau
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-hcuz-gz3w-97ew
12
vulnerability VCID-mkex-ht2r-cucz
13
vulnerability VCID-n4fk-735u-2baw
14
vulnerability VCID-nute-ndg2-z7ev
15
vulnerability VCID-pkve-yjqy-syc2
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-qmfy-dxag-uuex
18
vulnerability VCID-r1eg-dwej-5kau
19
vulnerability VCID-sg62-98yy-2kd7
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-tv7h-289s-xub4
22
vulnerability VCID-umhc-fdfh-1fdx
23
vulnerability VCID-uy47-3s8a-hbdn
24
vulnerability VCID-wgdv-etcq-3qhw
25
vulnerability VCID-xg74-3h1h-kqaf
26
vulnerability VCID-y8et-m846-2fc6
27
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4
3
url pkg:composer/silverstripe/framework@3.4.2
purl pkg:composer/silverstripe/framework@3.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3j6f-5c14-uubc
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4qjj-wqg5-dbay
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-bwrh-updj-zkfs
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-gnpw-s9hp-wqfs
14
vulnerability VCID-hcuz-gz3w-97ew
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-njph-ua7r-auaq
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-pkve-yjqy-syc2
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2
aliases GHSA-97jm-g33h-f46g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hf4-djcv-67d7
17
url VCID-9y5u-qyzd-3ud9
vulnerability_id VCID-9y5u-qyzd-3ud9
summary 
Exposure of Sensitive Information to an Unauthorized Actor
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-48714
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45478
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-48714
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-48714
reference_id CVE-2023-48714
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-48714
4
reference_url https://www.silverstripe.org/download/security-releases/CVE-2023-48714
reference_id CVE-2023-48714
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/
url https://www.silverstripe.org/download/security-releases/CVE-2023-48714
5
reference_url https://github.com/advisories/GHSA-qm2j-qvq3-j29v
reference_id GHSA-qm2j-qvq3-j29v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qm2j-qvq3-j29v
6
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v
reference_id GHSA-qm2j-qvq3-j29v
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v
fixed_packages
0
url pkg:composer/silverstripe/framework@4.13.39
purl pkg:composer/silverstripe/framework@4.13.39
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.39
1
url pkg:composer/silverstripe/framework@5.1.11
purl pkg:composer/silverstripe/framework@5.1.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.1.11
aliases CVE-2023-48714, GHSA-qm2j-qvq3-j29v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9y5u-qyzd-3ud9
18
url VCID-a7cf-kpzy-xudd
vulnerability_id VCID-a7cf-kpzy-xudd
summary 
URL Redirection to Untrusted Site ('Open Redirect')
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22729
reference_id
reference_type
scores
0
value 0.00203
scoring_system epss
scoring_elements 0.42323
published_at 2026-06-05T12:55:00Z
1
value 0.00203
scoring_system epss
scoring_elements 0.42248
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22729
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/
url https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77
4
reference_url https://www.silverstripe.org/download/security-releases/cve-2023-22729
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2023-22729
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22729
reference_id CVE-2023-22729
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22729
6
reference_url https://github.com/advisories/GHSA-fw84-xgm8-9jmv
reference_id GHSA-fw84-xgm8-9jmv
reference_type
scores
url https://github.com/advisories/GHSA-fw84-xgm8-9jmv
7
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv
reference_id GHSA-fw84-xgm8-9jmv
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv
fixed_packages
0
url pkg:composer/silverstripe/framework@4.12.5
purl pkg:composer/silverstripe/framework@4.12.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9y5u-qyzd-3ud9
1
vulnerability VCID-gnpw-s9hp-wqfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5
aliases CVE-2023-22729, GHSA-fw84-xgm8-9jmv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7cf-kpzy-xudd
19
url VCID-at1s-qxsg-5yfs
vulnerability_id VCID-at1s-qxsg-5yfs
summary 
XSS In OptionsetField and CheckboxSetField
List of key / value pairs assigned to `OptionsetField` or `CheckboxSetField` do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-015/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-015/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-9hf4-djcv-67d7
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-hnme-cqff-c7dp
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-pkve-yjqy-syc2
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-qj5k-bcw3-5fgq
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-xsgv-a7bd-fqh8
31
vulnerability VCID-y8et-m846-2fc6
32
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-9hf4-djcv-67d7
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-hnme-cqff-c7dp
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-pkve-yjqy-syc2
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-qj5k-bcw3-5fgq
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-9hf4-djcv-67d7
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-hnme-cqff-c7dp
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-pkve-yjqy-syc2
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-qj5k-bcw3-5fgq
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3j6f-5c14-uubc
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4qjj-wqg5-dbay
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9hf4-djcv-67d7
8
vulnerability VCID-9y5u-qyzd-3ud9
9
vulnerability VCID-a7cf-kpzy-xudd
10
vulnerability VCID-b6nm-cphj-wfgw
11
vulnerability VCID-b95v-49p7-fkas
12
vulnerability VCID-bwrh-updj-zkfs
13
vulnerability VCID-c6bz-jwhm-vkgp
14
vulnerability VCID-cmwn-cjff-9qau
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-njph-ua7r-auaq
21
vulnerability VCID-nute-ndg2-z7ev
22
vulnerability VCID-pkve-yjqy-syc2
23
vulnerability VCID-qdwg-f2bx-1bay
24
vulnerability VCID-qj5k-bcw3-5fgq
25
vulnerability VCID-qmfy-dxag-uuex
26
vulnerability VCID-r1eg-dwej-5kau
27
vulnerability VCID-sg62-98yy-2kd7
28
vulnerability VCID-t81f-5b8z-hyht
29
vulnerability VCID-tv7h-289s-xub4
30
vulnerability VCID-umhc-fdfh-1fdx
31
vulnerability VCID-uy47-3s8a-hbdn
32
vulnerability VCID-wgdv-etcq-3qhw
33
vulnerability VCID-xg74-3h1h-kqaf
34
vulnerability VCID-y8et-m846-2fc6
35
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-9y5u-qyzd-3ud9
3
vulnerability VCID-a7cf-kpzy-xudd
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-gnpw-s9hp-wqfs
7
vulnerability VCID-hcuz-gz3w-97ew
8
vulnerability VCID-mkex-ht2r-cucz
9
vulnerability VCID-n4fk-735u-2baw
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qmfy-dxag-uuex
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-tv7h-289s-xub4
14
vulnerability VCID-uy47-3s8a-hbdn
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xg74-3h1h-kqaf
17
vulnerability VCID-y8et-m846-2fc6
18
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-015
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-at1s-qxsg-5yfs
20
url VCID-b6nm-cphj-wfgw
vulnerability_id VCID-b6nm-cphj-wfgw
summary 
Improper Privilege Management
In SilverStripe, there is access escalation for CMS users with limited access through permission cache pollution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12617
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.53948
published_at 2026-06-04T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.54005
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12617
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml
3
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12617
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12617
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12617
reference_id CVE-2019-12617
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12617
8
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12617/
reference_id CVE-2019-12617
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-12617/
9
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12617
reference_id CVE-2019-12617
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12617
10
reference_url https://github.com/advisories/GHSA-6r58-4xgr-gm6m
reference_id GHSA-6r58-4xgr-gm6m
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6r58-4xgr-gm6m
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-n4fk-735u-2baw
12
vulnerability VCID-nzcm-xbxx-wyf9
13
vulnerability VCID-pkve-yjqy-syc2
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-ru3j-21j8-ayhm
16
vulnerability VCID-tv7h-289s-xub4
17
vulnerability VCID-uy47-3s8a-hbdn
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xm4q-u96p-57dd
20
vulnerability VCID-ytbc-8mhd-b3fc
21
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-n4fk-735u-2baw
12
vulnerability VCID-pkve-yjqy-syc2
13
vulnerability VCID-qmfy-dxag-uuex
14
vulnerability VCID-ru3j-21j8-ayhm
15
vulnerability VCID-tv7h-289s-xub4
16
vulnerability VCID-uy47-3s8a-hbdn
17
vulnerability VCID-wgdv-etcq-3qhw
18
vulnerability VCID-xm4q-u96p-57dd
19
vulnerability VCID-ytbc-8mhd-b3fc
20
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
2
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-5dt7-nc8t-nqgh
3
vulnerability VCID-7gak-15m5-j3f5
4
vulnerability VCID-7w7t-3783-1kbs
5
vulnerability VCID-9t4k-8hsz-bfdw
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-ca4q-xd4v-vqfe
9
vulnerability VCID-fmfu-81xu-pfdy
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-hcuz-gz3w-97ew
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-pkve-yjqy-syc2
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-ru3j-21j8-ayhm
16
vulnerability VCID-tv7h-289s-xub4
17
vulnerability VCID-uy47-3s8a-hbdn
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xm4q-u96p-57dd
20
vulnerability VCID-ytbc-8mhd-b3fc
21
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12617, GHSA-6r58-4xgr-gm6m
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b6nm-cphj-wfgw
21
url VCID-b7xq-cz8w-ubgm
vulnerability_id VCID-b7xq-cz8w-ubgm
summary 
Privilege Escalation
A member with the permission EDIT_PERMISSIONS is able to re-assign themselves (or another member) to ADMIN level.
references
0
reference_url http://www.silverstripe.org/software/download/security-releases/ss-2015-020/
reference_id
reference_type
scores
url http://www.silverstripe.org/software/download/security-releases/ss-2015-020/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.14
purl pkg:composer/silverstripe/framework@3.1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-4n9x-x4kd-jyfu
7
vulnerability VCID-7ek4-6y31-1qcs
8
vulnerability VCID-7hxq-cp29-r7dh
9
vulnerability VCID-9hf4-djcv-67d7
10
vulnerability VCID-9y5u-qyzd-3ud9
11
vulnerability VCID-a7cf-kpzy-xudd
12
vulnerability VCID-at1s-qxsg-5yfs
13
vulnerability VCID-b6nm-cphj-wfgw
14
vulnerability VCID-b95v-49p7-fkas
15
vulnerability VCID-c437-w2zy-y7c9
16
vulnerability VCID-c6bz-jwhm-vkgp
17
vulnerability VCID-cmwn-cjff-9qau
18
vulnerability VCID-cqjc-tsv5-7beg
19
vulnerability VCID-ecy2-x3a9-qbbx
20
vulnerability VCID-evh4-xq48-4fa6
21
vulnerability VCID-ewg1-jqza-eyez
22
vulnerability VCID-ggbg-8mtc-hudc
23
vulnerability VCID-gkkp-9fm7-jfaz
24
vulnerability VCID-gnpw-s9hp-wqfs
25
vulnerability VCID-h4k6-fruf-uqff
26
vulnerability VCID-hcuz-gz3w-97ew
27
vulnerability VCID-heyh-s54f-8qap
28
vulnerability VCID-hnhv-qx7p-wqcw
29
vulnerability VCID-hnme-cqff-c7dp
30
vulnerability VCID-m5rs-qptc-vued
31
vulnerability VCID-mkex-ht2r-cucz
32
vulnerability VCID-n4fk-735u-2baw
33
vulnerability VCID-nu3h-nb1g-67bs
34
vulnerability VCID-nute-ndg2-z7ev
35
vulnerability VCID-pkve-yjqy-syc2
36
vulnerability VCID-q939-fszs-wfdp
37
vulnerability VCID-qdwg-f2bx-1bay
38
vulnerability VCID-qj5k-bcw3-5fgq
39
vulnerability VCID-qmfy-dxag-uuex
40
vulnerability VCID-r1eg-dwej-5kau
41
vulnerability VCID-rrmd-ud59-ffbp
42
vulnerability VCID-sg62-98yy-2kd7
43
vulnerability VCID-t81f-5b8z-hyht
44
vulnerability VCID-tv7h-289s-xub4
45
vulnerability VCID-umhc-fdfh-1fdx
46
vulnerability VCID-uy47-3s8a-hbdn
47
vulnerability VCID-vatm-1vbd-bfam
48
vulnerability VCID-wgdv-etcq-3qhw
49
vulnerability VCID-xg74-3h1h-kqaf
50
vulnerability VCID-xsgv-a7bd-fqh8
51
vulnerability VCID-y8et-m846-2fc6
52
vulnerability VCID-yfuu-th6b-nba4
53
vulnerability VCID-z28b-1yrx-1bbn
54
vulnerability VCID-zca8-91sf-qkb4
55
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14
aliases SS-2015-020
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7xq-cz8w-ubgm
22
url VCID-b95v-49p7-fkas
vulnerability_id VCID-b95v-49p7-fkas
summary 
Cross-site Scripting
SilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname.
references
0
reference_url http://lists.openwall.net/full-disclosure/2017/09/14/2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openwall.net/full-disclosure/2017/09/14/2
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14498
reference_id
reference_type
scores
0
value 0.00375
scoring_system epss
scoring_elements 0.59498
published_at 2026-06-05T12:55:00Z
1
value 0.00375
scoring_system epss
scoring_elements 0.59447
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14498
2
reference_url https://docs.silverstripe.org/en/3/changelogs/3.6.1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.silverstripe.org/en/3/changelogs/3.6.1
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a
4
reference_url https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-14498
reference_id CVE-2017-14498
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-14498
6
reference_url https://github.com/advisories/GHSA-j696-6m57-mcrv
reference_id GHSA-j696-6m57-mcrv
reference_type
scores
url https://github.com/advisories/GHSA-j696-6m57-mcrv
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.1-alpha2
purl pkg:composer/silverstripe/framework@3.6.1-alpha2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-37d1-tt74-yyfm
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-9y5u-qyzd-3ud9
5
vulnerability VCID-a7cf-kpzy-xudd
6
vulnerability VCID-aygc-4nhm-n7eq
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-fm87-te3v-pkc8
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-h1y5-n4b7-ckg6
12
vulnerability VCID-hcuz-gz3w-97ew
13
vulnerability VCID-hq36-9ntc-akez
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-n4fk-735u-2baw
16
vulnerability VCID-nute-ndg2-z7ev
17
vulnerability VCID-pkve-yjqy-syc2
18
vulnerability VCID-qdwg-f2bx-1bay
19
vulnerability VCID-qmfy-dxag-uuex
20
vulnerability VCID-r1eg-dwej-5kau
21
vulnerability VCID-tv7h-289s-xub4
22
vulnerability VCID-u9e7-1zhg-mygt
23
vulnerability VCID-umhc-fdfh-1fdx
24
vulnerability VCID-uy47-3s8a-hbdn
25
vulnerability VCID-wgdv-etcq-3qhw
26
vulnerability VCID-xg74-3h1h-kqaf
27
vulnerability VCID-y8et-m846-2fc6
28
vulnerability VCID-zdge-zsmz-8ud9
29
vulnerability VCID-znbg-16r4-6ybg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2
1
url pkg:composer/silverstripe/framework@3.6.1
purl pkg:composer/silverstripe/framework@3.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-37d1-tt74-yyfm
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-9y5u-qyzd-3ud9
5
vulnerability VCID-a7cf-kpzy-xudd
6
vulnerability VCID-aygc-4nhm-n7eq
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-fm87-te3v-pkc8
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-h1y5-n4b7-ckg6
12
vulnerability VCID-hcuz-gz3w-97ew
13
vulnerability VCID-hq36-9ntc-akez
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-n4fk-735u-2baw
16
vulnerability VCID-nute-ndg2-z7ev
17
vulnerability VCID-pkve-yjqy-syc2
18
vulnerability VCID-qdwg-f2bx-1bay
19
vulnerability VCID-qmfy-dxag-uuex
20
vulnerability VCID-r1eg-dwej-5kau
21
vulnerability VCID-tv7h-289s-xub4
22
vulnerability VCID-u9e7-1zhg-mygt
23
vulnerability VCID-umhc-fdfh-1fdx
24
vulnerability VCID-uy47-3s8a-hbdn
25
vulnerability VCID-wgdv-etcq-3qhw
26
vulnerability VCID-xg74-3h1h-kqaf
27
vulnerability VCID-y8et-m846-2fc6
28
vulnerability VCID-zdge-zsmz-8ud9
29
vulnerability VCID-znbg-16r4-6ybg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1
aliases CVE-2017-14498, GHSA-j696-6m57-mcrv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b95v-49p7-fkas
23
url VCID-c437-w2zy-y7c9
vulnerability_id VCID-c437-w2zy-y7c9
summary 
ChangePasswordForm doesn't check Member::canLogIn()
After performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-011/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-011/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-9hf4-djcv-67d7
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-hnme-cqff-c7dp
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-pkve-yjqy-syc2
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-qj5k-bcw3-5fgq
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
1
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-9hf4-djcv-67d7
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-hnme-cqff-c7dp
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-pkve-yjqy-syc2
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-qj5k-bcw3-5fgq
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
2
url pkg:composer/silverstripe/framework@3.4.10-stable
purl pkg:composer/silverstripe/framework@3.4.10-stable
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.10-stable
3
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-9y5u-qyzd-3ud9
3
vulnerability VCID-a7cf-kpzy-xudd
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-gnpw-s9hp-wqfs
7
vulnerability VCID-hcuz-gz3w-97ew
8
vulnerability VCID-mkex-ht2r-cucz
9
vulnerability VCID-n4fk-735u-2baw
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qmfy-dxag-uuex
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-tv7h-289s-xub4
14
vulnerability VCID-uy47-3s8a-hbdn
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xg74-3h1h-kqaf
17
vulnerability VCID-y8et-m846-2fc6
18
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-011
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c437-w2zy-y7c9
24
url VCID-c6bz-jwhm-vkgp
vulnerability_id VCID-c6bz-jwhm-vkgp
summary 
Cross-site Scripting
There is an XSS in SilverStripe CMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-5197
reference_id
reference_type
scores
0
value 0.00265
scoring_system epss
scoring_elements 0.5014
published_at 2026-06-04T12:55:00Z
1
value 0.00265
scoring_system epss
scoring_elements 0.50201
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-5197
1
reference_url https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572
2
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
3
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
4
reference_url http://www.securityfocus.com/bid/96572
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96572
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5197
reference_id CVE-2017-5197
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-5197
6
reference_url https://github.com/advisories/GHSA-xmjh-wjc5-wg4h
reference_id GHSA-xmjh-wjc5-wg4h
reference_type
scores
url https://github.com/advisories/GHSA-xmjh-wjc5-wg4h
fixed_packages
0
url pkg:composer/silverstripe/framework@3.4.4-rc1
purl pkg:composer/silverstripe/framework@3.4.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3j6f-5c14-uubc
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4qjj-wqg5-dbay
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-bwrh-updj-zkfs
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-n4fk-735u-2baw
16
vulnerability VCID-njph-ua7r-auaq
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-pkve-yjqy-syc2
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-qmfy-dxag-uuex
21
vulnerability VCID-r1eg-dwej-5kau
22
vulnerability VCID-sg62-98yy-2kd7
23
vulnerability VCID-tv7h-289s-xub4
24
vulnerability VCID-umhc-fdfh-1fdx
25
vulnerability VCID-uy47-3s8a-hbdn
26
vulnerability VCID-wgdv-etcq-3qhw
27
vulnerability VCID-xg74-3h1h-kqaf
28
vulnerability VCID-y8et-m846-2fc6
29
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1
1
url pkg:composer/silverstripe/framework@3.4.4
purl pkg:composer/silverstripe/framework@3.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3j6f-5c14-uubc
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4qjj-wqg5-dbay
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-bwrh-updj-zkfs
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-n4fk-735u-2baw
16
vulnerability VCID-nute-ndg2-z7ev
17
vulnerability VCID-pkve-yjqy-syc2
18
vulnerability VCID-qdwg-f2bx-1bay
19
vulnerability VCID-qmfy-dxag-uuex
20
vulnerability VCID-r1eg-dwej-5kau
21
vulnerability VCID-sg62-98yy-2kd7
22
vulnerability VCID-tv7h-289s-xub4
23
vulnerability VCID-umhc-fdfh-1fdx
24
vulnerability VCID-uy47-3s8a-hbdn
25
vulnerability VCID-wgdv-etcq-3qhw
26
vulnerability VCID-xg74-3h1h-kqaf
27
vulnerability VCID-y8et-m846-2fc6
28
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4
2
url pkg:composer/silverstripe/framework@3.5.2-rc1
purl pkg:composer/silverstripe/framework@3.5.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-37d1-tt74-yyfm
3
vulnerability VCID-3j6f-5c14-uubc
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4qjj-wqg5-dbay
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9y5u-qyzd-3ud9
8
vulnerability VCID-a7cf-kpzy-xudd
9
vulnerability VCID-aygc-4nhm-n7eq
10
vulnerability VCID-b6nm-cphj-wfgw
11
vulnerability VCID-b95v-49p7-fkas
12
vulnerability VCID-bwrh-updj-zkfs
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-fm87-te3v-pkc8
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-h1y5-n4b7-ckg6
17
vulnerability VCID-hcuz-gz3w-97ew
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-njph-ua7r-auaq
21
vulnerability VCID-nute-ndg2-z7ev
22
vulnerability VCID-pkve-yjqy-syc2
23
vulnerability VCID-qdwg-f2bx-1bay
24
vulnerability VCID-qmfy-dxag-uuex
25
vulnerability VCID-r1eg-dwej-5kau
26
vulnerability VCID-sg62-98yy-2kd7
27
vulnerability VCID-tv7h-289s-xub4
28
vulnerability VCID-umhc-fdfh-1fdx
29
vulnerability VCID-uy47-3s8a-hbdn
30
vulnerability VCID-wgdv-etcq-3qhw
31
vulnerability VCID-xg74-3h1h-kqaf
32
vulnerability VCID-y8et-m846-2fc6
33
vulnerability VCID-zdge-zsmz-8ud9
34
vulnerability VCID-znbg-16r4-6ybg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1
3
url pkg:composer/silverstripe/framework@3.5.2
purl pkg:composer/silverstripe/framework@3.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-37d1-tt74-yyfm
3
vulnerability VCID-3j6f-5c14-uubc
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4qjj-wqg5-dbay
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9y5u-qyzd-3ud9
8
vulnerability VCID-a7cf-kpzy-xudd
9
vulnerability VCID-aygc-4nhm-n7eq
10
vulnerability VCID-b6nm-cphj-wfgw
11
vulnerability VCID-b95v-49p7-fkas
12
vulnerability VCID-bwrh-updj-zkfs
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-fm87-te3v-pkc8
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-h1y5-n4b7-ckg6
17
vulnerability VCID-hcuz-gz3w-97ew
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-pkve-yjqy-syc2
22
vulnerability VCID-qdwg-f2bx-1bay
23
vulnerability VCID-qmfy-dxag-uuex
24
vulnerability VCID-r1eg-dwej-5kau
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-zdge-zsmz-8ud9
32
vulnerability VCID-znbg-16r4-6ybg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2
aliases CVE-2017-5197, GHSA-xmjh-wjc5-wg4h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c6bz-jwhm-vkgp
25
url VCID-cmwn-cjff-9qau
vulnerability_id VCID-cmwn-cjff-9qau
summary 
Session Fixation
SilverStripe allows session fixation in the "change password" form.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12203
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.17184
published_at 2026-06-05T12:55:00Z
1
value 0.00054
scoring_system epss
scoring_elements 0.17108
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12203
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml
3
reference_url https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12203
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12203
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12203
reference_id CVE-2019-12203
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12203
8
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12203/
reference_id CVE-2019-12203
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-12203/
9
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12203
reference_id CVE-2019-12203
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12203
10
reference_url https://github.com/advisories/GHSA-w7r7-r8r9-vrg2
reference_id GHSA-w7r7-r8r9-vrg2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w7r7-r8r9-vrg2
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.8
purl pkg:composer/silverstripe/framework@3.6.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-9y5u-qyzd-3ud9
3
vulnerability VCID-a7cf-kpzy-xudd
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-gnpw-s9hp-wqfs
7
vulnerability VCID-hcuz-gz3w-97ew
8
vulnerability VCID-mkex-ht2r-cucz
9
vulnerability VCID-n4fk-735u-2baw
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-pkve-yjqy-syc2
12
vulnerability VCID-qmfy-dxag-uuex
13
vulnerability VCID-r1eg-dwej-5kau
14
vulnerability VCID-tv7h-289s-xub4
15
vulnerability VCID-u9e7-1zhg-mygt
16
vulnerability VCID-umhc-fdfh-1fdx
17
vulnerability VCID-uy47-3s8a-hbdn
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xg74-3h1h-kqaf
20
vulnerability VCID-y8et-m846-2fc6
21
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8
1
url pkg:composer/silverstripe/framework@3.7.4
purl pkg:composer/silverstripe/framework@3.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-9y5u-qyzd-3ud9
3
vulnerability VCID-a7cf-kpzy-xudd
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-gnpw-s9hp-wqfs
7
vulnerability VCID-hcuz-gz3w-97ew
8
vulnerability VCID-mkex-ht2r-cucz
9
vulnerability VCID-n4fk-735u-2baw
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-pkve-yjqy-syc2
12
vulnerability VCID-qmfy-dxag-uuex
13
vulnerability VCID-r1eg-dwej-5kau
14
vulnerability VCID-tv7h-289s-xub4
15
vulnerability VCID-umhc-fdfh-1fdx
16
vulnerability VCID-uy47-3s8a-hbdn
17
vulnerability VCID-wgdv-etcq-3qhw
18
vulnerability VCID-xg74-3h1h-kqaf
19
vulnerability VCID-y8et-m846-2fc6
20
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4
2
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-n4fk-735u-2baw
12
vulnerability VCID-nzcm-xbxx-wyf9
13
vulnerability VCID-pkve-yjqy-syc2
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-ru3j-21j8-ayhm
16
vulnerability VCID-tv7h-289s-xub4
17
vulnerability VCID-uy47-3s8a-hbdn
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xm4q-u96p-57dd
20
vulnerability VCID-ytbc-8mhd-b3fc
21
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
3
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-n4fk-735u-2baw
12
vulnerability VCID-pkve-yjqy-syc2
13
vulnerability VCID-qmfy-dxag-uuex
14
vulnerability VCID-ru3j-21j8-ayhm
15
vulnerability VCID-tv7h-289s-xub4
16
vulnerability VCID-uy47-3s8a-hbdn
17
vulnerability VCID-wgdv-etcq-3qhw
18
vulnerability VCID-xm4q-u96p-57dd
19
vulnerability VCID-ytbc-8mhd-b3fc
20
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
4
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-5dt7-nc8t-nqgh
3
vulnerability VCID-7gak-15m5-j3f5
4
vulnerability VCID-7w7t-3783-1kbs
5
vulnerability VCID-9t4k-8hsz-bfdw
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-ca4q-xd4v-vqfe
9
vulnerability VCID-fmfu-81xu-pfdy
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-hcuz-gz3w-97ew
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-pkve-yjqy-syc2
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-ru3j-21j8-ayhm
16
vulnerability VCID-tv7h-289s-xub4
17
vulnerability VCID-uy47-3s8a-hbdn
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xm4q-u96p-57dd
20
vulnerability VCID-ytbc-8mhd-b3fc
21
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12203, GHSA-w7r7-r8r9-vrg2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmwn-cjff-9qau
26
url VCID-cqjc-tsv5-7beg
vulnerability_id VCID-cqjc-tsv5-7beg
summary 
Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter
GridField does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites. Amongst other default CMS interfaces, GridField is used for management of groups, users and permissions in the CMS.

The resolution for this issue is to ensure that all gridFieldAlterAction submissions are checked for the SecurityID token during submission.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-002-1.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-002-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/013524af5069bb0cf909853f04418d9bef56d18c
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/013524af5069bb0cf909853f04418d9bef56d18c
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/56e92f5a32e45849cc9361c8603c31d7010c9d36
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/56e92f5a32e45849cc9361c8603c31d7010c9d36
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/e2c77c5a8f13e901c51a3684210811559b592f0c
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/e2c77c5a8f13e901c51a3684210811559b592f0c
5
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-002
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2016-002
6
reference_url https://github.com/advisories/GHSA-2hpc-mf4q-j885
reference_id GHSA-2hpc-mf4q-j885
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2hpc-mf4q-j885
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.17
purl pkg:composer/silverstripe/framework@3.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-at1s-qxsg-5yfs
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-b95v-49p7-fkas
14
vulnerability VCID-c437-w2zy-y7c9
15
vulnerability VCID-c6bz-jwhm-vkgp
16
vulnerability VCID-cmwn-cjff-9qau
17
vulnerability VCID-evh4-xq48-4fa6
18
vulnerability VCID-ewg1-jqza-eyez
19
vulnerability VCID-ggbg-8mtc-hudc
20
vulnerability VCID-gkkp-9fm7-jfaz
21
vulnerability VCID-gnpw-s9hp-wqfs
22
vulnerability VCID-hcuz-gz3w-97ew
23
vulnerability VCID-hnme-cqff-c7dp
24
vulnerability VCID-m5rs-qptc-vued
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n4fk-735u-2baw
27
vulnerability VCID-nute-ndg2-z7ev
28
vulnerability VCID-pkve-yjqy-syc2
29
vulnerability VCID-q939-fszs-wfdp
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-wgdv-etcq-3qhw
40
vulnerability VCID-xg74-3h1h-kqaf
41
vulnerability VCID-xsgv-a7bd-fqh8
42
vulnerability VCID-y8et-m846-2fc6
43
vulnerability VCID-z28b-1yrx-1bbn
44
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17
1
url pkg:composer/silverstripe/framework@3.2.2
purl pkg:composer/silverstripe/framework@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9hf4-djcv-67d7
8
vulnerability VCID-9y5u-qyzd-3ud9
9
vulnerability VCID-a7cf-kpzy-xudd
10
vulnerability VCID-at1s-qxsg-5yfs
11
vulnerability VCID-b6nm-cphj-wfgw
12
vulnerability VCID-b95v-49p7-fkas
13
vulnerability VCID-c437-w2zy-y7c9
14
vulnerability VCID-c6bz-jwhm-vkgp
15
vulnerability VCID-cmwn-cjff-9qau
16
vulnerability VCID-evh4-xq48-4fa6
17
vulnerability VCID-ewg1-jqza-eyez
18
vulnerability VCID-ggbg-8mtc-hudc
19
vulnerability VCID-gkkp-9fm7-jfaz
20
vulnerability VCID-gnpw-s9hp-wqfs
21
vulnerability VCID-hcuz-gz3w-97ew
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-m5rs-qptc-vued
24
vulnerability VCID-mkex-ht2r-cucz
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nute-ndg2-z7ev
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-q939-fszs-wfdp
29
vulnerability VCID-qdwg-f2bx-1bay
30
vulnerability VCID-qj5k-bcw3-5fgq
31
vulnerability VCID-qmfy-dxag-uuex
32
vulnerability VCID-r1eg-dwej-5kau
33
vulnerability VCID-sg62-98yy-2kd7
34
vulnerability VCID-t81f-5b8z-hyht
35
vulnerability VCID-tv7h-289s-xub4
36
vulnerability VCID-umhc-fdfh-1fdx
37
vulnerability VCID-uy47-3s8a-hbdn
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-y8et-m846-2fc6
41
vulnerability VCID-z28b-1yrx-1bbn
42
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.2
2
url pkg:composer/silverstripe/framework@3.3.0
purl pkg:composer/silverstripe/framework@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3svb-wudn-aybz
5
vulnerability VCID-3x46-q9cb-7ubg
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-at1s-qxsg-5yfs
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-b95v-49p7-fkas
14
vulnerability VCID-c437-w2zy-y7c9
15
vulnerability VCID-c6bz-jwhm-vkgp
16
vulnerability VCID-cmwn-cjff-9qau
17
vulnerability VCID-evh4-xq48-4fa6
18
vulnerability VCID-ewg1-jqza-eyez
19
vulnerability VCID-ggbg-8mtc-hudc
20
vulnerability VCID-gkkp-9fm7-jfaz
21
vulnerability VCID-gnpw-s9hp-wqfs
22
vulnerability VCID-hcuz-gz3w-97ew
23
vulnerability VCID-hnme-cqff-c7dp
24
vulnerability VCID-m5rs-qptc-vued
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n4fk-735u-2baw
27
vulnerability VCID-nute-ndg2-z7ev
28
vulnerability VCID-pkve-yjqy-syc2
29
vulnerability VCID-q939-fszs-wfdp
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-wgdv-etcq-3qhw
40
vulnerability VCID-xg74-3h1h-kqaf
41
vulnerability VCID-y8et-m846-2fc6
42
vulnerability VCID-z28b-1yrx-1bbn
43
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0
aliases GHSA-2hpc-mf4q-j885
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cqjc-tsv5-7beg
27
url VCID-cscn-9erz-dfh1
vulnerability_id VCID-cscn-9erz-dfh1
summary 
Silverstripe XSS In rewritten hash links
A high level XSS vulnerability has been discovered in the SilverStripe framework which causes links containing hash anchors (E.g. href="#anchor") to be rewritten in an unsafe way.

The rewriteHashlinks option on SSViewer will rewrite these to contain the current url, although without adequate escaping, meaning that HTML could be injected via injecting unsafe values to any page via the querystring.

Due to the nature of this issue it is likely that a large number of SilverStripe sites are affected.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-009-1.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-009-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework/commit/604c32871202064a4aa12c3b3fd58140231685e5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/604c32871202064a4aa12c3b3fd58140231685e5
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/bdef4fc7a548c7c243ff86f2db7c16f301a6f120
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/bdef4fc7a548c7c243ff86f2db7c16f301a6f120
3
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links
4
reference_url https://github.com/advisories/GHSA-34q6-xqxh-gq39
reference_id GHSA-34q6-xqxh-gq39
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-34q6-xqxh-gq39
fixed_packages
0
url pkg:composer/silverstripe/framework@3.0.13
purl pkg:composer/silverstripe/framework@3.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4n9x-x4kd-jyfu
6
vulnerability VCID-5ztp-wmty-aybx
7
vulnerability VCID-78b6-1v3w-qfc3
8
vulnerability VCID-7bpb-cgj3-b7ay
9
vulnerability VCID-7ek4-6y31-1qcs
10
vulnerability VCID-7hxq-cp29-r7dh
11
vulnerability VCID-8m1h-utem-jud3
12
vulnerability VCID-96f5-5qyr-g7d5
13
vulnerability VCID-9hf4-djcv-67d7
14
vulnerability VCID-9y5u-qyzd-3ud9
15
vulnerability VCID-a7cf-kpzy-xudd
16
vulnerability VCID-at1s-qxsg-5yfs
17
vulnerability VCID-b6nm-cphj-wfgw
18
vulnerability VCID-b7xq-cz8w-ubgm
19
vulnerability VCID-b95v-49p7-fkas
20
vulnerability VCID-c437-w2zy-y7c9
21
vulnerability VCID-c6bz-jwhm-vkgp
22
vulnerability VCID-cmwn-cjff-9qau
23
vulnerability VCID-cqjc-tsv5-7beg
24
vulnerability VCID-ecy2-x3a9-qbbx
25
vulnerability VCID-evh4-xq48-4fa6
26
vulnerability VCID-ewg1-jqza-eyez
27
vulnerability VCID-ggbg-8mtc-hudc
28
vulnerability VCID-gkkp-9fm7-jfaz
29
vulnerability VCID-gnpw-s9hp-wqfs
30
vulnerability VCID-h4k6-fruf-uqff
31
vulnerability VCID-hcuz-gz3w-97ew
32
vulnerability VCID-heyh-s54f-8qap
33
vulnerability VCID-hnme-cqff-c7dp
34
vulnerability VCID-m5rs-qptc-vued
35
vulnerability VCID-mkex-ht2r-cucz
36
vulnerability VCID-n4fk-735u-2baw
37
vulnerability VCID-nu3h-nb1g-67bs
38
vulnerability VCID-nute-ndg2-z7ev
39
vulnerability VCID-pkve-yjqy-syc2
40
vulnerability VCID-q939-fszs-wfdp
41
vulnerability VCID-qdwg-f2bx-1bay
42
vulnerability VCID-qmfy-dxag-uuex
43
vulnerability VCID-r1eg-dwej-5kau
44
vulnerability VCID-sfyd-qn7r-eqdg
45
vulnerability VCID-sg62-98yy-2kd7
46
vulnerability VCID-t81f-5b8z-hyht
47
vulnerability VCID-tv7h-289s-xub4
48
vulnerability VCID-umhc-fdfh-1fdx
49
vulnerability VCID-uy47-3s8a-hbdn
50
vulnerability VCID-uyxp-7fh1-77cg
51
vulnerability VCID-wgdv-etcq-3qhw
52
vulnerability VCID-wmfv-vtnz-bkad
53
vulnerability VCID-xg74-3h1h-kqaf
54
vulnerability VCID-xsgv-a7bd-fqh8
55
vulnerability VCID-y8et-m846-2fc6
56
vulnerability VCID-yfuu-th6b-nba4
57
vulnerability VCID-z28b-1yrx-1bbn
58
vulnerability VCID-zca8-91sf-qkb4
59
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.13
1
url pkg:composer/silverstripe/framework@3.1.12
purl pkg:composer/silverstripe/framework@3.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-4n9x-x4kd-jyfu
7
vulnerability VCID-554z-dzgc-2fgz
8
vulnerability VCID-5ztp-wmty-aybx
9
vulnerability VCID-78b6-1v3w-qfc3
10
vulnerability VCID-7bpb-cgj3-b7ay
11
vulnerability VCID-7ek4-6y31-1qcs
12
vulnerability VCID-7hxq-cp29-r7dh
13
vulnerability VCID-8m1h-utem-jud3
14
vulnerability VCID-9hf4-djcv-67d7
15
vulnerability VCID-9y5u-qyzd-3ud9
16
vulnerability VCID-a7cf-kpzy-xudd
17
vulnerability VCID-at1s-qxsg-5yfs
18
vulnerability VCID-b6nm-cphj-wfgw
19
vulnerability VCID-b7xq-cz8w-ubgm
20
vulnerability VCID-b95v-49p7-fkas
21
vulnerability VCID-c437-w2zy-y7c9
22
vulnerability VCID-c6bz-jwhm-vkgp
23
vulnerability VCID-cmwn-cjff-9qau
24
vulnerability VCID-cqjc-tsv5-7beg
25
vulnerability VCID-ecy2-x3a9-qbbx
26
vulnerability VCID-evh4-xq48-4fa6
27
vulnerability VCID-ewg1-jqza-eyez
28
vulnerability VCID-ggbg-8mtc-hudc
29
vulnerability VCID-gkkp-9fm7-jfaz
30
vulnerability VCID-gnpw-s9hp-wqfs
31
vulnerability VCID-h4k6-fruf-uqff
32
vulnerability VCID-hcuz-gz3w-97ew
33
vulnerability VCID-heyh-s54f-8qap
34
vulnerability VCID-hnhv-qx7p-wqcw
35
vulnerability VCID-hnme-cqff-c7dp
36
vulnerability VCID-m5rs-qptc-vued
37
vulnerability VCID-mkex-ht2r-cucz
38
vulnerability VCID-n4fk-735u-2baw
39
vulnerability VCID-nu3h-nb1g-67bs
40
vulnerability VCID-nute-ndg2-z7ev
41
vulnerability VCID-pkve-yjqy-syc2
42
vulnerability VCID-puvt-j32v-77eh
43
vulnerability VCID-q939-fszs-wfdp
44
vulnerability VCID-qdwg-f2bx-1bay
45
vulnerability VCID-qj5k-bcw3-5fgq
46
vulnerability VCID-qmfy-dxag-uuex
47
vulnerability VCID-r1eg-dwej-5kau
48
vulnerability VCID-rrmd-ud59-ffbp
49
vulnerability VCID-sfyd-qn7r-eqdg
50
vulnerability VCID-sg62-98yy-2kd7
51
vulnerability VCID-t81f-5b8z-hyht
52
vulnerability VCID-tv7h-289s-xub4
53
vulnerability VCID-twrb-6j51-aqcy
54
vulnerability VCID-ue4x-s1c4-zkcz
55
vulnerability VCID-umhc-fdfh-1fdx
56
vulnerability VCID-uy47-3s8a-hbdn
57
vulnerability VCID-uyxp-7fh1-77cg
58
vulnerability VCID-vatm-1vbd-bfam
59
vulnerability VCID-wgdv-etcq-3qhw
60
vulnerability VCID-wmfv-vtnz-bkad
61
vulnerability VCID-xg74-3h1h-kqaf
62
vulnerability VCID-xsgv-a7bd-fqh8
63
vulnerability VCID-y8et-m846-2fc6
64
vulnerability VCID-yfuu-th6b-nba4
65
vulnerability VCID-z28b-1yrx-1bbn
66
vulnerability VCID-zca8-91sf-qkb4
67
vulnerability VCID-zckr-zxq4-jyev
68
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12
aliases GHSA-34q6-xqxh-gq39
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cscn-9erz-dfh1
28
url VCID-ecy2-x3a9-qbbx
vulnerability_id VCID-ecy2-x3a9-qbbx
summary 
Silverstripe Missing security check on dev/build/defaults
The buildDefaults method on DevelopmentAdmin is missing a permission check.

In live mode, if you access /dev/build, you are requested to login first. However, if you access /dev/build/defaults, then the action is performed without any login check. This should be protected in the same way that /dev/build is.
The buildDefaults view is requireDefaultRecords() on each DataObject class, and hence has the potential to modify database state. It also lists all modified tables, allowing attackers more insight into which modules are used, and how the database tables are structured.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-028-1.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-028-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/15d4db3b4a7dbc9a7e089f9329a396f8408ed7d9
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/15d4db3b4a7dbc9a7e089f9329a396f8408ed7d9
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/3398f670d881447f8777b567f1ead7c0d8d253f5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/3398f670d881447f8777b567f1ead7c0d8d253f5
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/5d2fc0d7cac4ce686f7ae05c1a7b1ad8c01711a8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/5d2fc0d7cac4ce686f7ae05c1a7b1ad8c01711a8
5
reference_url https://www.silverstripe.org/download/security-releases/ss-2015-028
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2015-028
6
reference_url https://github.com/advisories/GHSA-x5w2-wcr8-9q45
reference_id GHSA-x5w2-wcr8-9q45
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x5w2-wcr8-9q45
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.17
purl pkg:composer/silverstripe/framework@3.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-at1s-qxsg-5yfs
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-b95v-49p7-fkas
14
vulnerability VCID-c437-w2zy-y7c9
15
vulnerability VCID-c6bz-jwhm-vkgp
16
vulnerability VCID-cmwn-cjff-9qau
17
vulnerability VCID-evh4-xq48-4fa6
18
vulnerability VCID-ewg1-jqza-eyez
19
vulnerability VCID-ggbg-8mtc-hudc
20
vulnerability VCID-gkkp-9fm7-jfaz
21
vulnerability VCID-gnpw-s9hp-wqfs
22
vulnerability VCID-hcuz-gz3w-97ew
23
vulnerability VCID-hnme-cqff-c7dp
24
vulnerability VCID-m5rs-qptc-vued
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n4fk-735u-2baw
27
vulnerability VCID-nute-ndg2-z7ev
28
vulnerability VCID-pkve-yjqy-syc2
29
vulnerability VCID-q939-fszs-wfdp
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-wgdv-etcq-3qhw
40
vulnerability VCID-xg74-3h1h-kqaf
41
vulnerability VCID-xsgv-a7bd-fqh8
42
vulnerability VCID-y8et-m846-2fc6
43
vulnerability VCID-z28b-1yrx-1bbn
44
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17
1
url pkg:composer/silverstripe/framework@3.2.2
purl pkg:composer/silverstripe/framework@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9hf4-djcv-67d7
8
vulnerability VCID-9y5u-qyzd-3ud9
9
vulnerability VCID-a7cf-kpzy-xudd
10
vulnerability VCID-at1s-qxsg-5yfs
11
vulnerability VCID-b6nm-cphj-wfgw
12
vulnerability VCID-b95v-49p7-fkas
13
vulnerability VCID-c437-w2zy-y7c9
14
vulnerability VCID-c6bz-jwhm-vkgp
15
vulnerability VCID-cmwn-cjff-9qau
16
vulnerability VCID-evh4-xq48-4fa6
17
vulnerability VCID-ewg1-jqza-eyez
18
vulnerability VCID-ggbg-8mtc-hudc
19
vulnerability VCID-gkkp-9fm7-jfaz
20
vulnerability VCID-gnpw-s9hp-wqfs
21
vulnerability VCID-hcuz-gz3w-97ew
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-m5rs-qptc-vued
24
vulnerability VCID-mkex-ht2r-cucz
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nute-ndg2-z7ev
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-q939-fszs-wfdp
29
vulnerability VCID-qdwg-f2bx-1bay
30
vulnerability VCID-qj5k-bcw3-5fgq
31
vulnerability VCID-qmfy-dxag-uuex
32
vulnerability VCID-r1eg-dwej-5kau
33
vulnerability VCID-sg62-98yy-2kd7
34
vulnerability VCID-t81f-5b8z-hyht
35
vulnerability VCID-tv7h-289s-xub4
36
vulnerability VCID-umhc-fdfh-1fdx
37
vulnerability VCID-uy47-3s8a-hbdn
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-y8et-m846-2fc6
41
vulnerability VCID-z28b-1yrx-1bbn
42
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.2
2
url pkg:composer/silverstripe/framework@3.3.0
purl pkg:composer/silverstripe/framework@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3svb-wudn-aybz
5
vulnerability VCID-3x46-q9cb-7ubg
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-at1s-qxsg-5yfs
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-b95v-49p7-fkas
14
vulnerability VCID-c437-w2zy-y7c9
15
vulnerability VCID-c6bz-jwhm-vkgp
16
vulnerability VCID-cmwn-cjff-9qau
17
vulnerability VCID-evh4-xq48-4fa6
18
vulnerability VCID-ewg1-jqza-eyez
19
vulnerability VCID-ggbg-8mtc-hudc
20
vulnerability VCID-gkkp-9fm7-jfaz
21
vulnerability VCID-gnpw-s9hp-wqfs
22
vulnerability VCID-hcuz-gz3w-97ew
23
vulnerability VCID-hnme-cqff-c7dp
24
vulnerability VCID-m5rs-qptc-vued
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n4fk-735u-2baw
27
vulnerability VCID-nute-ndg2-z7ev
28
vulnerability VCID-pkve-yjqy-syc2
29
vulnerability VCID-q939-fszs-wfdp
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-wgdv-etcq-3qhw
40
vulnerability VCID-xg74-3h1h-kqaf
41
vulnerability VCID-y8et-m846-2fc6
42
vulnerability VCID-z28b-1yrx-1bbn
43
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0
aliases GHSA-x5w2-wcr8-9q45
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecy2-x3a9-qbbx
29
url VCID-evh4-xq48-4fa6
vulnerability_id VCID-evh4-xq48-4fa6
summary 
Brute force bypass on default admin
Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2
1
reference_url http://www.silverstripe.org/download/security-releases/ss-2016-005
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2016-005
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9ugf-duna-xfgy
10
vulnerability VCID-9y5u-qyzd-3ud9
11
vulnerability VCID-a7cf-kpzy-xudd
12
vulnerability VCID-at1s-qxsg-5yfs
13
vulnerability VCID-b6nm-cphj-wfgw
14
vulnerability VCID-b95v-49p7-fkas
15
vulnerability VCID-c437-w2zy-y7c9
16
vulnerability VCID-c6bz-jwhm-vkgp
17
vulnerability VCID-cmwn-cjff-9qau
18
vulnerability VCID-czh2-w6fk-xqd6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-excr-b2pz-jydm
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-hnme-cqff-c7dp
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n1mj-u4yk-jqhn
27
vulnerability VCID-n4fk-735u-2baw
28
vulnerability VCID-nute-ndg2-z7ev
29
vulnerability VCID-pkve-yjqy-syc2
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-v9ch-up34-nuab
40
vulnerability VCID-vatg-guxu-2ud7
41
vulnerability VCID-wgdv-etcq-3qhw
42
vulnerability VCID-xg74-3h1h-kqaf
43
vulnerability VCID-xsgv-a7bd-fqh8
44
vulnerability VCID-y6gd-vy49-17b4
45
vulnerability VCID-y8et-m846-2fc6
46
vulnerability VCID-z28b-1yrx-1bbn
47
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-at1s-qxsg-5yfs
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-b95v-49p7-fkas
14
vulnerability VCID-c437-w2zy-y7c9
15
vulnerability VCID-c6bz-jwhm-vkgp
16
vulnerability VCID-cmwn-cjff-9qau
17
vulnerability VCID-czh2-w6fk-xqd6
18
vulnerability VCID-ewg1-jqza-eyez
19
vulnerability VCID-gkkp-9fm7-jfaz
20
vulnerability VCID-gnpw-s9hp-wqfs
21
vulnerability VCID-hcuz-gz3w-97ew
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-mkex-ht2r-cucz
24
vulnerability VCID-n1mj-u4yk-jqhn
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nute-ndg2-z7ev
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-qdwg-f2bx-1bay
29
vulnerability VCID-qj5k-bcw3-5fgq
30
vulnerability VCID-qmfy-dxag-uuex
31
vulnerability VCID-r1eg-dwej-5kau
32
vulnerability VCID-sg62-98yy-2kd7
33
vulnerability VCID-t81f-5b8z-hyht
34
vulnerability VCID-tv7h-289s-xub4
35
vulnerability VCID-umhc-fdfh-1fdx
36
vulnerability VCID-uy47-3s8a-hbdn
37
vulnerability VCID-vatg-guxu-2ud7
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-xsgv-a7bd-fqh8
41
vulnerability VCID-y6gd-vy49-17b4
42
vulnerability VCID-y8et-m846-2fc6
43
vulnerability VCID-z28b-1yrx-1bbn
44
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9ugf-duna-xfgy
10
vulnerability VCID-9y5u-qyzd-3ud9
11
vulnerability VCID-a7cf-kpzy-xudd
12
vulnerability VCID-at1s-qxsg-5yfs
13
vulnerability VCID-b6nm-cphj-wfgw
14
vulnerability VCID-b95v-49p7-fkas
15
vulnerability VCID-c437-w2zy-y7c9
16
vulnerability VCID-c6bz-jwhm-vkgp
17
vulnerability VCID-cmwn-cjff-9qau
18
vulnerability VCID-czh2-w6fk-xqd6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-excr-b2pz-jydm
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-hnme-cqff-c7dp
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n1mj-u4yk-jqhn
27
vulnerability VCID-n4fk-735u-2baw
28
vulnerability VCID-nute-ndg2-z7ev
29
vulnerability VCID-pkve-yjqy-syc2
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-v9ch-up34-nuab
40
vulnerability VCID-vatg-guxu-2ud7
41
vulnerability VCID-wgdv-etcq-3qhw
42
vulnerability VCID-xg74-3h1h-kqaf
43
vulnerability VCID-y6gd-vy49-17b4
44
vulnerability VCID-y8et-m846-2fc6
45
vulnerability VCID-z28b-1yrx-1bbn
46
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-at1s-qxsg-5yfs
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-b95v-49p7-fkas
14
vulnerability VCID-c437-w2zy-y7c9
15
vulnerability VCID-c6bz-jwhm-vkgp
16
vulnerability VCID-cmwn-cjff-9qau
17
vulnerability VCID-czh2-w6fk-xqd6
18
vulnerability VCID-ewg1-jqza-eyez
19
vulnerability VCID-gkkp-9fm7-jfaz
20
vulnerability VCID-gnpw-s9hp-wqfs
21
vulnerability VCID-hcuz-gz3w-97ew
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-mkex-ht2r-cucz
24
vulnerability VCID-n1mj-u4yk-jqhn
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nute-ndg2-z7ev
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-qdwg-f2bx-1bay
29
vulnerability VCID-qj5k-bcw3-5fgq
30
vulnerability VCID-qmfy-dxag-uuex
31
vulnerability VCID-r1eg-dwej-5kau
32
vulnerability VCID-sg62-98yy-2kd7
33
vulnerability VCID-t81f-5b8z-hyht
34
vulnerability VCID-tv7h-289s-xub4
35
vulnerability VCID-umhc-fdfh-1fdx
36
vulnerability VCID-uy47-3s8a-hbdn
37
vulnerability VCID-vatg-guxu-2ud7
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-y6gd-vy49-17b4
41
vulnerability VCID-y8et-m846-2fc6
42
vulnerability VCID-z28b-1yrx-1bbn
43
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-7jm4-cjg3-rkcz
9
vulnerability VCID-9hf4-djcv-67d7
10
vulnerability VCID-9ugf-duna-xfgy
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-at1s-qxsg-5yfs
14
vulnerability VCID-b6nm-cphj-wfgw
15
vulnerability VCID-b95v-49p7-fkas
16
vulnerability VCID-c437-w2zy-y7c9
17
vulnerability VCID-c6bz-jwhm-vkgp
18
vulnerability VCID-cmwn-cjff-9qau
19
vulnerability VCID-czh2-w6fk-xqd6
20
vulnerability VCID-ewg1-jqza-eyez
21
vulnerability VCID-excr-b2pz-jydm
22
vulnerability VCID-gkkp-9fm7-jfaz
23
vulnerability VCID-gnpw-s9hp-wqfs
24
vulnerability VCID-hcuz-gz3w-97ew
25
vulnerability VCID-hnme-cqff-c7dp
26
vulnerability VCID-mkex-ht2r-cucz
27
vulnerability VCID-n1mj-u4yk-jqhn
28
vulnerability VCID-n4fk-735u-2baw
29
vulnerability VCID-nute-ndg2-z7ev
30
vulnerability VCID-pkve-yjqy-syc2
31
vulnerability VCID-qdwg-f2bx-1bay
32
vulnerability VCID-qj5k-bcw3-5fgq
33
vulnerability VCID-qmfy-dxag-uuex
34
vulnerability VCID-r1eg-dwej-5kau
35
vulnerability VCID-sg62-98yy-2kd7
36
vulnerability VCID-t81f-5b8z-hyht
37
vulnerability VCID-tv7h-289s-xub4
38
vulnerability VCID-umhc-fdfh-1fdx
39
vulnerability VCID-uy47-3s8a-hbdn
40
vulnerability VCID-v9ch-up34-nuab
41
vulnerability VCID-vatg-guxu-2ud7
42
vulnerability VCID-wgdv-etcq-3qhw
43
vulnerability VCID-xg74-3h1h-kqaf
44
vulnerability VCID-y6gd-vy49-17b4
45
vulnerability VCID-y8et-m846-2fc6
46
vulnerability VCID-z28b-1yrx-1bbn
47
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-7jm4-cjg3-rkcz
9
vulnerability VCID-9hf4-djcv-67d7
10
vulnerability VCID-9y5u-qyzd-3ud9
11
vulnerability VCID-a7cf-kpzy-xudd
12
vulnerability VCID-at1s-qxsg-5yfs
13
vulnerability VCID-b6nm-cphj-wfgw
14
vulnerability VCID-b95v-49p7-fkas
15
vulnerability VCID-c437-w2zy-y7c9
16
vulnerability VCID-c6bz-jwhm-vkgp
17
vulnerability VCID-cmwn-cjff-9qau
18
vulnerability VCID-czh2-w6fk-xqd6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-f4hv-79km-3ygt
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-hnme-cqff-c7dp
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n1mj-u4yk-jqhn
27
vulnerability VCID-n4fk-735u-2baw
28
vulnerability VCID-nute-ndg2-z7ev
29
vulnerability VCID-pkve-yjqy-syc2
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-vatg-guxu-2ud7
40
vulnerability VCID-wgdv-etcq-3qhw
41
vulnerability VCID-xg74-3h1h-kqaf
42
vulnerability VCID-y6gd-vy49-17b4
43
vulnerability VCID-y8et-m846-2fc6
44
vulnerability VCID-z28b-1yrx-1bbn
45
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2016-005
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-evh4-xq48-4fa6
30
url VCID-ewg1-jqza-eyez
vulnerability_id VCID-ewg1-jqza-eyez
summary 
Member.Name isn't escaped
The core template `framework/templates/Includes/GridField_print.ss` uses "Printed by $Member.Name". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because `Member->getName()` just returns the raw `FirstName + Surname` as a string, which is injected directly.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-013/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-013/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-9hf4-djcv-67d7
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-hnme-cqff-c7dp
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-pkve-yjqy-syc2
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-qj5k-bcw3-5fgq
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-xsgv-a7bd-fqh8
31
vulnerability VCID-y8et-m846-2fc6
32
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-9hf4-djcv-67d7
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-hnme-cqff-c7dp
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-pkve-yjqy-syc2
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-qj5k-bcw3-5fgq
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-9hf4-djcv-67d7
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-hnme-cqff-c7dp
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-pkve-yjqy-syc2
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-qj5k-bcw3-5fgq
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3j6f-5c14-uubc
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4qjj-wqg5-dbay
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9hf4-djcv-67d7
8
vulnerability VCID-9y5u-qyzd-3ud9
9
vulnerability VCID-a7cf-kpzy-xudd
10
vulnerability VCID-b6nm-cphj-wfgw
11
vulnerability VCID-b95v-49p7-fkas
12
vulnerability VCID-bwrh-updj-zkfs
13
vulnerability VCID-c6bz-jwhm-vkgp
14
vulnerability VCID-cmwn-cjff-9qau
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-njph-ua7r-auaq
21
vulnerability VCID-nute-ndg2-z7ev
22
vulnerability VCID-pkve-yjqy-syc2
23
vulnerability VCID-qdwg-f2bx-1bay
24
vulnerability VCID-qj5k-bcw3-5fgq
25
vulnerability VCID-qmfy-dxag-uuex
26
vulnerability VCID-r1eg-dwej-5kau
27
vulnerability VCID-sg62-98yy-2kd7
28
vulnerability VCID-t81f-5b8z-hyht
29
vulnerability VCID-tv7h-289s-xub4
30
vulnerability VCID-umhc-fdfh-1fdx
31
vulnerability VCID-uy47-3s8a-hbdn
32
vulnerability VCID-wgdv-etcq-3qhw
33
vulnerability VCID-xg74-3h1h-kqaf
34
vulnerability VCID-y8et-m846-2fc6
35
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-9y5u-qyzd-3ud9
3
vulnerability VCID-a7cf-kpzy-xudd
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-gnpw-s9hp-wqfs
7
vulnerability VCID-hcuz-gz3w-97ew
8
vulnerability VCID-mkex-ht2r-cucz
9
vulnerability VCID-n4fk-735u-2baw
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qmfy-dxag-uuex
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-tv7h-289s-xub4
14
vulnerability VCID-uy47-3s8a-hbdn
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xg74-3h1h-kqaf
17
vulnerability VCID-y8et-m846-2fc6
18
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-013
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ewg1-jqza-eyez
31
url VCID-ggbg-8mtc-hudc
vulnerability_id VCID-ggbg-8mtc-hudc
summary 
XSS in CMS Edit Page
Due to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an attack.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770
1
reference_url http://www.silverstripe.org/download/security-releases/ss-2016-004
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2016-004
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9ugf-duna-xfgy
10
vulnerability VCID-9y5u-qyzd-3ud9
11
vulnerability VCID-a7cf-kpzy-xudd
12
vulnerability VCID-at1s-qxsg-5yfs
13
vulnerability VCID-b6nm-cphj-wfgw
14
vulnerability VCID-b95v-49p7-fkas
15
vulnerability VCID-c437-w2zy-y7c9
16
vulnerability VCID-c6bz-jwhm-vkgp
17
vulnerability VCID-cmwn-cjff-9qau
18
vulnerability VCID-czh2-w6fk-xqd6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-excr-b2pz-jydm
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-hnme-cqff-c7dp
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n1mj-u4yk-jqhn
27
vulnerability VCID-n4fk-735u-2baw
28
vulnerability VCID-nute-ndg2-z7ev
29
vulnerability VCID-pkve-yjqy-syc2
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-v9ch-up34-nuab
40
vulnerability VCID-vatg-guxu-2ud7
41
vulnerability VCID-wgdv-etcq-3qhw
42
vulnerability VCID-xg74-3h1h-kqaf
43
vulnerability VCID-xsgv-a7bd-fqh8
44
vulnerability VCID-y6gd-vy49-17b4
45
vulnerability VCID-y8et-m846-2fc6
46
vulnerability VCID-z28b-1yrx-1bbn
47
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-at1s-qxsg-5yfs
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-b95v-49p7-fkas
14
vulnerability VCID-c437-w2zy-y7c9
15
vulnerability VCID-c6bz-jwhm-vkgp
16
vulnerability VCID-cmwn-cjff-9qau
17
vulnerability VCID-czh2-w6fk-xqd6
18
vulnerability VCID-ewg1-jqza-eyez
19
vulnerability VCID-gkkp-9fm7-jfaz
20
vulnerability VCID-gnpw-s9hp-wqfs
21
vulnerability VCID-hcuz-gz3w-97ew
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-mkex-ht2r-cucz
24
vulnerability VCID-n1mj-u4yk-jqhn
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nute-ndg2-z7ev
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-qdwg-f2bx-1bay
29
vulnerability VCID-qj5k-bcw3-5fgq
30
vulnerability VCID-qmfy-dxag-uuex
31
vulnerability VCID-r1eg-dwej-5kau
32
vulnerability VCID-sg62-98yy-2kd7
33
vulnerability VCID-t81f-5b8z-hyht
34
vulnerability VCID-tv7h-289s-xub4
35
vulnerability VCID-umhc-fdfh-1fdx
36
vulnerability VCID-uy47-3s8a-hbdn
37
vulnerability VCID-vatg-guxu-2ud7
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-xsgv-a7bd-fqh8
41
vulnerability VCID-y6gd-vy49-17b4
42
vulnerability VCID-y8et-m846-2fc6
43
vulnerability VCID-z28b-1yrx-1bbn
44
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9ugf-duna-xfgy
10
vulnerability VCID-9y5u-qyzd-3ud9
11
vulnerability VCID-a7cf-kpzy-xudd
12
vulnerability VCID-at1s-qxsg-5yfs
13
vulnerability VCID-b6nm-cphj-wfgw
14
vulnerability VCID-b95v-49p7-fkas
15
vulnerability VCID-c437-w2zy-y7c9
16
vulnerability VCID-c6bz-jwhm-vkgp
17
vulnerability VCID-cmwn-cjff-9qau
18
vulnerability VCID-czh2-w6fk-xqd6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-excr-b2pz-jydm
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-hnme-cqff-c7dp
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n1mj-u4yk-jqhn
27
vulnerability VCID-n4fk-735u-2baw
28
vulnerability VCID-nute-ndg2-z7ev
29
vulnerability VCID-pkve-yjqy-syc2
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-v9ch-up34-nuab
40
vulnerability VCID-vatg-guxu-2ud7
41
vulnerability VCID-wgdv-etcq-3qhw
42
vulnerability VCID-xg74-3h1h-kqaf
43
vulnerability VCID-y6gd-vy49-17b4
44
vulnerability VCID-y8et-m846-2fc6
45
vulnerability VCID-z28b-1yrx-1bbn
46
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-at1s-qxsg-5yfs
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-b95v-49p7-fkas
14
vulnerability VCID-c437-w2zy-y7c9
15
vulnerability VCID-c6bz-jwhm-vkgp
16
vulnerability VCID-cmwn-cjff-9qau
17
vulnerability VCID-czh2-w6fk-xqd6
18
vulnerability VCID-ewg1-jqza-eyez
19
vulnerability VCID-gkkp-9fm7-jfaz
20
vulnerability VCID-gnpw-s9hp-wqfs
21
vulnerability VCID-hcuz-gz3w-97ew
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-mkex-ht2r-cucz
24
vulnerability VCID-n1mj-u4yk-jqhn
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nute-ndg2-z7ev
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-qdwg-f2bx-1bay
29
vulnerability VCID-qj5k-bcw3-5fgq
30
vulnerability VCID-qmfy-dxag-uuex
31
vulnerability VCID-r1eg-dwej-5kau
32
vulnerability VCID-sg62-98yy-2kd7
33
vulnerability VCID-t81f-5b8z-hyht
34
vulnerability VCID-tv7h-289s-xub4
35
vulnerability VCID-umhc-fdfh-1fdx
36
vulnerability VCID-uy47-3s8a-hbdn
37
vulnerability VCID-vatg-guxu-2ud7
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-y6gd-vy49-17b4
41
vulnerability VCID-y8et-m846-2fc6
42
vulnerability VCID-z28b-1yrx-1bbn
43
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-7jm4-cjg3-rkcz
9
vulnerability VCID-9hf4-djcv-67d7
10
vulnerability VCID-9ugf-duna-xfgy
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-at1s-qxsg-5yfs
14
vulnerability VCID-b6nm-cphj-wfgw
15
vulnerability VCID-b95v-49p7-fkas
16
vulnerability VCID-c437-w2zy-y7c9
17
vulnerability VCID-c6bz-jwhm-vkgp
18
vulnerability VCID-cmwn-cjff-9qau
19
vulnerability VCID-czh2-w6fk-xqd6
20
vulnerability VCID-ewg1-jqza-eyez
21
vulnerability VCID-excr-b2pz-jydm
22
vulnerability VCID-gkkp-9fm7-jfaz
23
vulnerability VCID-gnpw-s9hp-wqfs
24
vulnerability VCID-hcuz-gz3w-97ew
25
vulnerability VCID-hnme-cqff-c7dp
26
vulnerability VCID-mkex-ht2r-cucz
27
vulnerability VCID-n1mj-u4yk-jqhn
28
vulnerability VCID-n4fk-735u-2baw
29
vulnerability VCID-nute-ndg2-z7ev
30
vulnerability VCID-pkve-yjqy-syc2
31
vulnerability VCID-qdwg-f2bx-1bay
32
vulnerability VCID-qj5k-bcw3-5fgq
33
vulnerability VCID-qmfy-dxag-uuex
34
vulnerability VCID-r1eg-dwej-5kau
35
vulnerability VCID-sg62-98yy-2kd7
36
vulnerability VCID-t81f-5b8z-hyht
37
vulnerability VCID-tv7h-289s-xub4
38
vulnerability VCID-umhc-fdfh-1fdx
39
vulnerability VCID-uy47-3s8a-hbdn
40
vulnerability VCID-v9ch-up34-nuab
41
vulnerability VCID-vatg-guxu-2ud7
42
vulnerability VCID-wgdv-etcq-3qhw
43
vulnerability VCID-xg74-3h1h-kqaf
44
vulnerability VCID-y6gd-vy49-17b4
45
vulnerability VCID-y8et-m846-2fc6
46
vulnerability VCID-z28b-1yrx-1bbn
47
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-7jm4-cjg3-rkcz
9
vulnerability VCID-9hf4-djcv-67d7
10
vulnerability VCID-9y5u-qyzd-3ud9
11
vulnerability VCID-a7cf-kpzy-xudd
12
vulnerability VCID-at1s-qxsg-5yfs
13
vulnerability VCID-b6nm-cphj-wfgw
14
vulnerability VCID-b95v-49p7-fkas
15
vulnerability VCID-c437-w2zy-y7c9
16
vulnerability VCID-c6bz-jwhm-vkgp
17
vulnerability VCID-cmwn-cjff-9qau
18
vulnerability VCID-czh2-w6fk-xqd6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-f4hv-79km-3ygt
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-hnme-cqff-c7dp
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n1mj-u4yk-jqhn
27
vulnerability VCID-n4fk-735u-2baw
28
vulnerability VCID-nute-ndg2-z7ev
29
vulnerability VCID-pkve-yjqy-syc2
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-vatg-guxu-2ud7
40
vulnerability VCID-wgdv-etcq-3qhw
41
vulnerability VCID-xg74-3h1h-kqaf
42
vulnerability VCID-y6gd-vy49-17b4
43
vulnerability VCID-y8et-m846-2fc6
44
vulnerability VCID-z28b-1yrx-1bbn
45
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2016-004
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ggbg-8mtc-hudc
32
url VCID-gkkp-9fm7-jfaz
vulnerability_id VCID-gkkp-9fm7-jfaz
summary 
Missing ACL on reports
The `SS_Report`, and the reports CMS section only checks `canView()` when listing the reports that can be viewed by the current user. It does not (and should) perform `canView` checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-012/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-012/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-9hf4-djcv-67d7
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-hnme-cqff-c7dp
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-pkve-yjqy-syc2
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-qj5k-bcw3-5fgq
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-xsgv-a7bd-fqh8
31
vulnerability VCID-y8et-m846-2fc6
32
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-9hf4-djcv-67d7
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-hnme-cqff-c7dp
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-pkve-yjqy-syc2
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-qj5k-bcw3-5fgq
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-9hf4-djcv-67d7
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-hnme-cqff-c7dp
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-pkve-yjqy-syc2
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-qj5k-bcw3-5fgq
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3j6f-5c14-uubc
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4qjj-wqg5-dbay
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9hf4-djcv-67d7
8
vulnerability VCID-9y5u-qyzd-3ud9
9
vulnerability VCID-a7cf-kpzy-xudd
10
vulnerability VCID-b6nm-cphj-wfgw
11
vulnerability VCID-b95v-49p7-fkas
12
vulnerability VCID-bwrh-updj-zkfs
13
vulnerability VCID-c6bz-jwhm-vkgp
14
vulnerability VCID-cmwn-cjff-9qau
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-njph-ua7r-auaq
21
vulnerability VCID-nute-ndg2-z7ev
22
vulnerability VCID-pkve-yjqy-syc2
23
vulnerability VCID-qdwg-f2bx-1bay
24
vulnerability VCID-qj5k-bcw3-5fgq
25
vulnerability VCID-qmfy-dxag-uuex
26
vulnerability VCID-r1eg-dwej-5kau
27
vulnerability VCID-sg62-98yy-2kd7
28
vulnerability VCID-t81f-5b8z-hyht
29
vulnerability VCID-tv7h-289s-xub4
30
vulnerability VCID-umhc-fdfh-1fdx
31
vulnerability VCID-uy47-3s8a-hbdn
32
vulnerability VCID-wgdv-etcq-3qhw
33
vulnerability VCID-xg74-3h1h-kqaf
34
vulnerability VCID-y8et-m846-2fc6
35
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-9y5u-qyzd-3ud9
3
vulnerability VCID-a7cf-kpzy-xudd
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-gnpw-s9hp-wqfs
7
vulnerability VCID-hcuz-gz3w-97ew
8
vulnerability VCID-mkex-ht2r-cucz
9
vulnerability VCID-n4fk-735u-2baw
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qmfy-dxag-uuex
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-tv7h-289s-xub4
14
vulnerability VCID-uy47-3s8a-hbdn
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xg74-3h1h-kqaf
17
vulnerability VCID-y8et-m846-2fc6
18
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-012
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gkkp-9fm7-jfaz
33
url VCID-gnpw-s9hp-wqfs
vulnerability_id VCID-gnpw-s9hp-wqfs
summary 
Improper Input Validation
Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml
1
reference_url https://github.com/github/advisory-database/pull/2575
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/2575
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4
4
reference_url https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14
5
reference_url https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13
6
reference_url https://www.silverstripe.org/download/security-releases/CVE-2023-32302
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2023-32302
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32302
reference_id CVE-2023-32302
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32302
8
reference_url https://github.com/advisories/GHSA-36xx-7vf6-7mv3
reference_id GHSA-36xx-7vf6-7mv3
reference_type
scores
url https://github.com/advisories/GHSA-36xx-7vf6-7mv3
9
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3
reference_id GHSA-36xx-7vf6-7mv3
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3
fixed_packages
0
url pkg:composer/silverstripe/framework@4.13.14
purl pkg:composer/silverstripe/framework@4.13.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9y5u-qyzd-3ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.14
1
url pkg:composer/silverstripe/framework@5.0.13
purl pkg:composer/silverstripe/framework@5.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9y5u-qyzd-3ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.0.13
aliases CVE-2023-32302, GHSA-36xx-7vf6-7mv3
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gnpw-s9hp-wqfs
34
url VCID-h4k6-fruf-uqff
vulnerability_id VCID-h4k6-fruf-uqff
summary 
Insufficient sanitization in "Add from URL"
"Add from URL" does not clearly sanitize URL server side in `HtmlEditorField_Toolbar`. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it's possible future changes would break this.
references
0
reference_url http://www.silverstripe.org/download/security-releases/ss-2015-027/
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2015-027/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.1
purl pkg:composer/silverstripe/framework@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9hf4-djcv-67d7
8
vulnerability VCID-9y5u-qyzd-3ud9
9
vulnerability VCID-a7cf-kpzy-xudd
10
vulnerability VCID-at1s-qxsg-5yfs
11
vulnerability VCID-b6nm-cphj-wfgw
12
vulnerability VCID-b95v-49p7-fkas
13
vulnerability VCID-c437-w2zy-y7c9
14
vulnerability VCID-c6bz-jwhm-vkgp
15
vulnerability VCID-cmwn-cjff-9qau
16
vulnerability VCID-cqjc-tsv5-7beg
17
vulnerability VCID-ecy2-x3a9-qbbx
18
vulnerability VCID-evh4-xq48-4fa6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-ggbg-8mtc-hudc
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-heyh-s54f-8qap
25
vulnerability VCID-hnhv-qx7p-wqcw
26
vulnerability VCID-hnme-cqff-c7dp
27
vulnerability VCID-m5rs-qptc-vued
28
vulnerability VCID-mkex-ht2r-cucz
29
vulnerability VCID-n4fk-735u-2baw
30
vulnerability VCID-nute-ndg2-z7ev
31
vulnerability VCID-pkve-yjqy-syc2
32
vulnerability VCID-q939-fszs-wfdp
33
vulnerability VCID-qdwg-f2bx-1bay
34
vulnerability VCID-qj5k-bcw3-5fgq
35
vulnerability VCID-qmfy-dxag-uuex
36
vulnerability VCID-r1eg-dwej-5kau
37
vulnerability VCID-rrmd-ud59-ffbp
38
vulnerability VCID-sg62-98yy-2kd7
39
vulnerability VCID-t81f-5b8z-hyht
40
vulnerability VCID-tv7h-289s-xub4
41
vulnerability VCID-umhc-fdfh-1fdx
42
vulnerability VCID-uy47-3s8a-hbdn
43
vulnerability VCID-vatm-1vbd-bfam
44
vulnerability VCID-wgdv-etcq-3qhw
45
vulnerability VCID-xg74-3h1h-kqaf
46
vulnerability VCID-y8et-m846-2fc6
47
vulnerability VCID-z28b-1yrx-1bbn
48
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1
1
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9y5u-qyzd-3ud9
1
vulnerability VCID-a7cf-kpzy-xudd
2
vulnerability VCID-gnpw-s9hp-wqfs
3
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-027
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4k6-fruf-uqff
35
url VCID-hcuz-gz3w-97ew
vulnerability_id VCID-hcuz-gz3w-97ew
summary Business Logic Errors in GitHub repository silverstripe/silverstripe-framework
references
0
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
1
reference_url https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2
2
reference_url https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0227
reference_id CVE-2022-0227
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0227
4
reference_url https://github.com/advisories/GHSA-32m2-9f76-4gv8
reference_id GHSA-32m2-9f76-4gv8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-32m2-9f76-4gv8
fixed_packages
0
url pkg:composer/silverstripe/framework@4.10.1
purl pkg:composer/silverstripe/framework@4.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-uy47-3s8a-hbdn
11
vulnerability VCID-xm4q-u96p-57dd
12
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.1
aliases CVE-2022-0227, GHSA-32m2-9f76-4gv8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hcuz-gz3w-97ew
36
url VCID-heyh-s54f-8qap
vulnerability_id VCID-heyh-s54f-8qap
summary 
Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers
In it's default configuration, SilverStripe trusts all originating IPs to include HTTP headers for Hostname, IP and Protocol. This enables reverse proxies to forward requests while still retaining the original request information. Trusted IPs can be limited via the SS_TRUSTED_PROXY_IPS constant. Even with this restriction in place, SilverStripe trusts a variety of HTTP headers due to different proxy notations (e.g. X-Forwarded-For vs. Client-IP). Unless a proxy explicitly unsets invalid HTTP headers from connecting clients, this can lead to spoofing requests being passed through trusted proxies.

The impact of spoofed headers can include Director::forceSSL() not being enforced, SS_HTTPRequest->getIP() returning a wrong IP (disabling any IP restrictions), and spoofed hostnames circumventing any hostname-specific restrictions enforced in SilverStripe Controllers.

Regardless on running a reverse proxy in your hosting infrastructure, please follow the instructions on Secure Coding: Request hostname forgery in order to opt-in to these protections. If your website is not behind a reverse proxy, you might already be protected if using Apache with mod_env enabled, and you have the following line in your .htaccess file: SetEnv BlockUntrustedIPs true.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-003-1.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-003-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/37059eb6b3546f304e9c031abca0f096ddb175c6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/37059eb6b3546f304e9c031abca0f096ddb175c6
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/893e49703de4aa1855b5364919cbb0826f754fbf
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/893e49703de4aa1855b5364919cbb0826f754fbf
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/faa94d51d570788dcebc2f2ef6e9de4d179ce1e4
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/faa94d51d570788dcebc2f2ef6e9de4d179ce1e4
5
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-003
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2016-003
6
reference_url https://github.com/advisories/GHSA-87pf-7x99-5xc4
reference_id GHSA-87pf-7x99-5xc4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-87pf-7x99-5xc4
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.17
purl pkg:composer/silverstripe/framework@3.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-at1s-qxsg-5yfs
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-b95v-49p7-fkas
14
vulnerability VCID-c437-w2zy-y7c9
15
vulnerability VCID-c6bz-jwhm-vkgp
16
vulnerability VCID-cmwn-cjff-9qau
17
vulnerability VCID-evh4-xq48-4fa6
18
vulnerability VCID-ewg1-jqza-eyez
19
vulnerability VCID-ggbg-8mtc-hudc
20
vulnerability VCID-gkkp-9fm7-jfaz
21
vulnerability VCID-gnpw-s9hp-wqfs
22
vulnerability VCID-hcuz-gz3w-97ew
23
vulnerability VCID-hnme-cqff-c7dp
24
vulnerability VCID-m5rs-qptc-vued
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n4fk-735u-2baw
27
vulnerability VCID-nute-ndg2-z7ev
28
vulnerability VCID-pkve-yjqy-syc2
29
vulnerability VCID-q939-fszs-wfdp
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-wgdv-etcq-3qhw
40
vulnerability VCID-xg74-3h1h-kqaf
41
vulnerability VCID-xsgv-a7bd-fqh8
42
vulnerability VCID-y8et-m846-2fc6
43
vulnerability VCID-z28b-1yrx-1bbn
44
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17
1
url pkg:composer/silverstripe/framework@3.2.2
purl pkg:composer/silverstripe/framework@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9hf4-djcv-67d7
8
vulnerability VCID-9y5u-qyzd-3ud9
9
vulnerability VCID-a7cf-kpzy-xudd
10
vulnerability VCID-at1s-qxsg-5yfs
11
vulnerability VCID-b6nm-cphj-wfgw
12
vulnerability VCID-b95v-49p7-fkas
13
vulnerability VCID-c437-w2zy-y7c9
14
vulnerability VCID-c6bz-jwhm-vkgp
15
vulnerability VCID-cmwn-cjff-9qau
16
vulnerability VCID-evh4-xq48-4fa6
17
vulnerability VCID-ewg1-jqza-eyez
18
vulnerability VCID-ggbg-8mtc-hudc
19
vulnerability VCID-gkkp-9fm7-jfaz
20
vulnerability VCID-gnpw-s9hp-wqfs
21
vulnerability VCID-hcuz-gz3w-97ew
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-m5rs-qptc-vued
24
vulnerability VCID-mkex-ht2r-cucz
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nute-ndg2-z7ev
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-q939-fszs-wfdp
29
vulnerability VCID-qdwg-f2bx-1bay
30
vulnerability VCID-qj5k-bcw3-5fgq
31
vulnerability VCID-qmfy-dxag-uuex
32
vulnerability VCID-r1eg-dwej-5kau
33
vulnerability VCID-sg62-98yy-2kd7
34
vulnerability VCID-t81f-5b8z-hyht
35
vulnerability VCID-tv7h-289s-xub4
36
vulnerability VCID-umhc-fdfh-1fdx
37
vulnerability VCID-uy47-3s8a-hbdn
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-y8et-m846-2fc6
41
vulnerability VCID-z28b-1yrx-1bbn
42
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.2
2
url pkg:composer/silverstripe/framework@3.3.0
purl pkg:composer/silverstripe/framework@3.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3svb-wudn-aybz
5
vulnerability VCID-3x46-q9cb-7ubg
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-at1s-qxsg-5yfs
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-b95v-49p7-fkas
14
vulnerability VCID-c437-w2zy-y7c9
15
vulnerability VCID-c6bz-jwhm-vkgp
16
vulnerability VCID-cmwn-cjff-9qau
17
vulnerability VCID-evh4-xq48-4fa6
18
vulnerability VCID-ewg1-jqza-eyez
19
vulnerability VCID-ggbg-8mtc-hudc
20
vulnerability VCID-gkkp-9fm7-jfaz
21
vulnerability VCID-gnpw-s9hp-wqfs
22
vulnerability VCID-hcuz-gz3w-97ew
23
vulnerability VCID-hnme-cqff-c7dp
24
vulnerability VCID-m5rs-qptc-vued
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n4fk-735u-2baw
27
vulnerability VCID-nute-ndg2-z7ev
28
vulnerability VCID-pkve-yjqy-syc2
29
vulnerability VCID-q939-fszs-wfdp
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-wgdv-etcq-3qhw
40
vulnerability VCID-xg74-3h1h-kqaf
41
vulnerability VCID-y8et-m846-2fc6
42
vulnerability VCID-z28b-1yrx-1bbn
43
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0
aliases GHSA-87pf-7x99-5xc4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-heyh-s54f-8qap
37
url VCID-hnme-cqff-c7dp
vulnerability_id VCID-hnme-cqff-c7dp
summary 
ReadOnly transformation for formfields exploitable
Form fields returning `isReadonly()` as true are vulnerable to reflected XSS injections. This includes `ReadonlyField`, `LookupField`, `HTMLReadonlyField`, as well as special purpose fields like `TimeField_Readonly`. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and does not overwrite data on form construction. Readonly and disabled form fields are already filtered out in `saveInto()`, so maliciously submitted data on these fields does not make it into the database unless you are accessing form values directly in your saving logic.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-010/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-010/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.21
purl pkg:composer/silverstripe/framework@3.1.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-9y5u-qyzd-3ud9
5
vulnerability VCID-a7cf-kpzy-xudd
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c6bz-jwhm-vkgp
9
vulnerability VCID-cmwn-cjff-9qau
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-hcuz-gz3w-97ew
12
vulnerability VCID-mkex-ht2r-cucz
13
vulnerability VCID-n4fk-735u-2baw
14
vulnerability VCID-nute-ndg2-z7ev
15
vulnerability VCID-pkve-yjqy-syc2
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-qmfy-dxag-uuex
18
vulnerability VCID-r1eg-dwej-5kau
19
vulnerability VCID-sg62-98yy-2kd7
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-tv7h-289s-xub4
22
vulnerability VCID-umhc-fdfh-1fdx
23
vulnerability VCID-uy47-3s8a-hbdn
24
vulnerability VCID-wgdv-etcq-3qhw
25
vulnerability VCID-xg74-3h1h-kqaf
26
vulnerability VCID-xsgv-a7bd-fqh8
27
vulnerability VCID-y8et-m846-2fc6
28
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21
1
url pkg:composer/silverstripe/framework@3.2.6
purl pkg:composer/silverstripe/framework@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-9y5u-qyzd-3ud9
5
vulnerability VCID-a7cf-kpzy-xudd
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c6bz-jwhm-vkgp
9
vulnerability VCID-cmwn-cjff-9qau
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-hcuz-gz3w-97ew
12
vulnerability VCID-mkex-ht2r-cucz
13
vulnerability VCID-n4fk-735u-2baw
14
vulnerability VCID-nute-ndg2-z7ev
15
vulnerability VCID-pkve-yjqy-syc2
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-qmfy-dxag-uuex
18
vulnerability VCID-r1eg-dwej-5kau
19
vulnerability VCID-sg62-98yy-2kd7
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-tv7h-289s-xub4
22
vulnerability VCID-umhc-fdfh-1fdx
23
vulnerability VCID-uy47-3s8a-hbdn
24
vulnerability VCID-wgdv-etcq-3qhw
25
vulnerability VCID-xg74-3h1h-kqaf
26
vulnerability VCID-y8et-m846-2fc6
27
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6
2
url pkg:composer/silverstripe/framework@3.3.4
purl pkg:composer/silverstripe/framework@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-9y5u-qyzd-3ud9
5
vulnerability VCID-a7cf-kpzy-xudd
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c6bz-jwhm-vkgp
9
vulnerability VCID-cmwn-cjff-9qau
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-hcuz-gz3w-97ew
12
vulnerability VCID-mkex-ht2r-cucz
13
vulnerability VCID-n4fk-735u-2baw
14
vulnerability VCID-nute-ndg2-z7ev
15
vulnerability VCID-pkve-yjqy-syc2
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-qmfy-dxag-uuex
18
vulnerability VCID-r1eg-dwej-5kau
19
vulnerability VCID-sg62-98yy-2kd7
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-tv7h-289s-xub4
22
vulnerability VCID-umhc-fdfh-1fdx
23
vulnerability VCID-uy47-3s8a-hbdn
24
vulnerability VCID-wgdv-etcq-3qhw
25
vulnerability VCID-xg74-3h1h-kqaf
26
vulnerability VCID-y8et-m846-2fc6
27
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4
3
url pkg:composer/silverstripe/framework@3.4.2
purl pkg:composer/silverstripe/framework@3.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3j6f-5c14-uubc
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4qjj-wqg5-dbay
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-bwrh-updj-zkfs
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-gnpw-s9hp-wqfs
14
vulnerability VCID-hcuz-gz3w-97ew
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-njph-ua7r-auaq
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-pkve-yjqy-syc2
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2
aliases SS-2016-010
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hnme-cqff-c7dp
38
url VCID-m5rs-qptc-vued
vulnerability_id VCID-m5rs-qptc-vued
summary 
Missing CSRF protection in login form
`LoginForm` calls `disableSecurityToken()`, which causes a "shared host domain" vulnerability.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989
1
reference_url http://stackoverflow.com/a/15350123
reference_id
reference_type
scores
url http://stackoverflow.com/a/15350123
2
reference_url http://www.silverstripe.org/download/security-releases/ss-2016-006
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2016-006
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9ugf-duna-xfgy
10
vulnerability VCID-9y5u-qyzd-3ud9
11
vulnerability VCID-a7cf-kpzy-xudd
12
vulnerability VCID-at1s-qxsg-5yfs
13
vulnerability VCID-b6nm-cphj-wfgw
14
vulnerability VCID-b95v-49p7-fkas
15
vulnerability VCID-c437-w2zy-y7c9
16
vulnerability VCID-c6bz-jwhm-vkgp
17
vulnerability VCID-cmwn-cjff-9qau
18
vulnerability VCID-czh2-w6fk-xqd6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-excr-b2pz-jydm
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-hnme-cqff-c7dp
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n1mj-u4yk-jqhn
27
vulnerability VCID-n4fk-735u-2baw
28
vulnerability VCID-nute-ndg2-z7ev
29
vulnerability VCID-pkve-yjqy-syc2
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-v9ch-up34-nuab
40
vulnerability VCID-vatg-guxu-2ud7
41
vulnerability VCID-wgdv-etcq-3qhw
42
vulnerability VCID-xg74-3h1h-kqaf
43
vulnerability VCID-xsgv-a7bd-fqh8
44
vulnerability VCID-y6gd-vy49-17b4
45
vulnerability VCID-y8et-m846-2fc6
46
vulnerability VCID-z28b-1yrx-1bbn
47
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-at1s-qxsg-5yfs
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-b95v-49p7-fkas
14
vulnerability VCID-c437-w2zy-y7c9
15
vulnerability VCID-c6bz-jwhm-vkgp
16
vulnerability VCID-cmwn-cjff-9qau
17
vulnerability VCID-czh2-w6fk-xqd6
18
vulnerability VCID-ewg1-jqza-eyez
19
vulnerability VCID-gkkp-9fm7-jfaz
20
vulnerability VCID-gnpw-s9hp-wqfs
21
vulnerability VCID-hcuz-gz3w-97ew
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-mkex-ht2r-cucz
24
vulnerability VCID-n1mj-u4yk-jqhn
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nute-ndg2-z7ev
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-qdwg-f2bx-1bay
29
vulnerability VCID-qj5k-bcw3-5fgq
30
vulnerability VCID-qmfy-dxag-uuex
31
vulnerability VCID-r1eg-dwej-5kau
32
vulnerability VCID-sg62-98yy-2kd7
33
vulnerability VCID-t81f-5b8z-hyht
34
vulnerability VCID-tv7h-289s-xub4
35
vulnerability VCID-umhc-fdfh-1fdx
36
vulnerability VCID-uy47-3s8a-hbdn
37
vulnerability VCID-vatg-guxu-2ud7
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-xsgv-a7bd-fqh8
41
vulnerability VCID-y6gd-vy49-17b4
42
vulnerability VCID-y8et-m846-2fc6
43
vulnerability VCID-z28b-1yrx-1bbn
44
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9ugf-duna-xfgy
10
vulnerability VCID-9y5u-qyzd-3ud9
11
vulnerability VCID-a7cf-kpzy-xudd
12
vulnerability VCID-at1s-qxsg-5yfs
13
vulnerability VCID-b6nm-cphj-wfgw
14
vulnerability VCID-b95v-49p7-fkas
15
vulnerability VCID-c437-w2zy-y7c9
16
vulnerability VCID-c6bz-jwhm-vkgp
17
vulnerability VCID-cmwn-cjff-9qau
18
vulnerability VCID-czh2-w6fk-xqd6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-excr-b2pz-jydm
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-hnme-cqff-c7dp
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n1mj-u4yk-jqhn
27
vulnerability VCID-n4fk-735u-2baw
28
vulnerability VCID-nute-ndg2-z7ev
29
vulnerability VCID-pkve-yjqy-syc2
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-v9ch-up34-nuab
40
vulnerability VCID-vatg-guxu-2ud7
41
vulnerability VCID-wgdv-etcq-3qhw
42
vulnerability VCID-xg74-3h1h-kqaf
43
vulnerability VCID-y6gd-vy49-17b4
44
vulnerability VCID-y8et-m846-2fc6
45
vulnerability VCID-z28b-1yrx-1bbn
46
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-at1s-qxsg-5yfs
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-b95v-49p7-fkas
14
vulnerability VCID-c437-w2zy-y7c9
15
vulnerability VCID-c6bz-jwhm-vkgp
16
vulnerability VCID-cmwn-cjff-9qau
17
vulnerability VCID-czh2-w6fk-xqd6
18
vulnerability VCID-ewg1-jqza-eyez
19
vulnerability VCID-gkkp-9fm7-jfaz
20
vulnerability VCID-gnpw-s9hp-wqfs
21
vulnerability VCID-hcuz-gz3w-97ew
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-mkex-ht2r-cucz
24
vulnerability VCID-n1mj-u4yk-jqhn
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nute-ndg2-z7ev
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-qdwg-f2bx-1bay
29
vulnerability VCID-qj5k-bcw3-5fgq
30
vulnerability VCID-qmfy-dxag-uuex
31
vulnerability VCID-r1eg-dwej-5kau
32
vulnerability VCID-sg62-98yy-2kd7
33
vulnerability VCID-t81f-5b8z-hyht
34
vulnerability VCID-tv7h-289s-xub4
35
vulnerability VCID-umhc-fdfh-1fdx
36
vulnerability VCID-uy47-3s8a-hbdn
37
vulnerability VCID-vatg-guxu-2ud7
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-y6gd-vy49-17b4
41
vulnerability VCID-y8et-m846-2fc6
42
vulnerability VCID-z28b-1yrx-1bbn
43
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-7jm4-cjg3-rkcz
9
vulnerability VCID-9hf4-djcv-67d7
10
vulnerability VCID-9ugf-duna-xfgy
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-at1s-qxsg-5yfs
14
vulnerability VCID-b6nm-cphj-wfgw
15
vulnerability VCID-b95v-49p7-fkas
16
vulnerability VCID-c437-w2zy-y7c9
17
vulnerability VCID-c6bz-jwhm-vkgp
18
vulnerability VCID-cmwn-cjff-9qau
19
vulnerability VCID-czh2-w6fk-xqd6
20
vulnerability VCID-ewg1-jqza-eyez
21
vulnerability VCID-excr-b2pz-jydm
22
vulnerability VCID-gkkp-9fm7-jfaz
23
vulnerability VCID-gnpw-s9hp-wqfs
24
vulnerability VCID-hcuz-gz3w-97ew
25
vulnerability VCID-hnme-cqff-c7dp
26
vulnerability VCID-mkex-ht2r-cucz
27
vulnerability VCID-n1mj-u4yk-jqhn
28
vulnerability VCID-n4fk-735u-2baw
29
vulnerability VCID-nute-ndg2-z7ev
30
vulnerability VCID-pkve-yjqy-syc2
31
vulnerability VCID-qdwg-f2bx-1bay
32
vulnerability VCID-qj5k-bcw3-5fgq
33
vulnerability VCID-qmfy-dxag-uuex
34
vulnerability VCID-r1eg-dwej-5kau
35
vulnerability VCID-sg62-98yy-2kd7
36
vulnerability VCID-t81f-5b8z-hyht
37
vulnerability VCID-tv7h-289s-xub4
38
vulnerability VCID-umhc-fdfh-1fdx
39
vulnerability VCID-uy47-3s8a-hbdn
40
vulnerability VCID-v9ch-up34-nuab
41
vulnerability VCID-vatg-guxu-2ud7
42
vulnerability VCID-wgdv-etcq-3qhw
43
vulnerability VCID-xg74-3h1h-kqaf
44
vulnerability VCID-y6gd-vy49-17b4
45
vulnerability VCID-y8et-m846-2fc6
46
vulnerability VCID-z28b-1yrx-1bbn
47
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-7jm4-cjg3-rkcz
9
vulnerability VCID-9hf4-djcv-67d7
10
vulnerability VCID-9y5u-qyzd-3ud9
11
vulnerability VCID-a7cf-kpzy-xudd
12
vulnerability VCID-at1s-qxsg-5yfs
13
vulnerability VCID-b6nm-cphj-wfgw
14
vulnerability VCID-b95v-49p7-fkas
15
vulnerability VCID-c437-w2zy-y7c9
16
vulnerability VCID-c6bz-jwhm-vkgp
17
vulnerability VCID-cmwn-cjff-9qau
18
vulnerability VCID-czh2-w6fk-xqd6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-f4hv-79km-3ygt
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-hnme-cqff-c7dp
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n1mj-u4yk-jqhn
27
vulnerability VCID-n4fk-735u-2baw
28
vulnerability VCID-nute-ndg2-z7ev
29
vulnerability VCID-pkve-yjqy-syc2
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-vatg-guxu-2ud7
40
vulnerability VCID-wgdv-etcq-3qhw
41
vulnerability VCID-xg74-3h1h-kqaf
42
vulnerability VCID-y6gd-vy49-17b4
43
vulnerability VCID-y8et-m846-2fc6
44
vulnerability VCID-z28b-1yrx-1bbn
45
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2016-006
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5rs-qptc-vued
39
url VCID-mkex-ht2r-cucz
vulnerability_id VCID-mkex-ht2r-cucz
summary 
Files or Directories Accessible to External Parties
In SilverStripe, there is broken access control on files.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14273
reference_id
reference_type
scores
0
value 0.00336
scoring_system epss
scoring_elements 0.56702
published_at 2026-06-04T12:55:00Z
1
value 0.00336
scoring_system epss
scoring_elements 0.56754
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14273
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml
4
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14273
reference_id CVE-2019-14273
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14273
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-14273
reference_id CVE-2019-14273
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-14273
9
reference_url https://github.com/advisories/GHSA-43jj-2rwc-2m3f
reference_id GHSA-43jj-2rwc-2m3f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43jj-2rwc-2m3f
fixed_packages
0
url pkg:composer/silverstripe/framework@4.0.1-rc1
purl pkg:composer/silverstripe/framework@4.0.1-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-37d1-tt74-yyfm
4
vulnerability VCID-7gak-15m5-j3f5
5
vulnerability VCID-7w7t-3783-1kbs
6
vulnerability VCID-9t4k-8hsz-bfdw
7
vulnerability VCID-9y5u-qyzd-3ud9
8
vulnerability VCID-a1p9-cwzb-kbgb
9
vulnerability VCID-a7cf-kpzy-xudd
10
vulnerability VCID-aj7q-x4hc-xbdm
11
vulnerability VCID-aygc-4nhm-n7eq
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-cmwn-cjff-9qau
15
vulnerability VCID-fm87-te3v-pkc8
16
vulnerability VCID-fmfu-81xu-pfdy
17
vulnerability VCID-g7kn-gn2m-myc3
18
vulnerability VCID-gnpw-s9hp-wqfs
19
vulnerability VCID-h9g1-7wez-8qft
20
vulnerability VCID-hcuz-gz3w-97ew
21
vulnerability VCID-hq36-9ntc-akez
22
vulnerability VCID-m3us-9sft-wbh8
23
vulnerability VCID-n4fk-735u-2baw
24
vulnerability VCID-nute-ndg2-z7ev
25
vulnerability VCID-nzcm-xbxx-wyf9
26
vulnerability VCID-p2m9-rejx-e3e9
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-qmfy-dxag-uuex
29
vulnerability VCID-r1eg-dwej-5kau
30
vulnerability VCID-ru3j-21j8-ayhm
31
vulnerability VCID-tsdn-bu3d-ubaf
32
vulnerability VCID-tv7h-289s-xub4
33
vulnerability VCID-uy47-3s8a-hbdn
34
vulnerability VCID-wgdv-etcq-3qhw
35
vulnerability VCID-xg74-3h1h-kqaf
36
vulnerability VCID-xm4q-u96p-57dd
37
vulnerability VCID-y8et-m846-2fc6
38
vulnerability VCID-ytbc-8mhd-b3fc
39
vulnerability VCID-yxuh-bxh5-z3cw
40
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1
1
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-7gak-15m5-j3f5
4
vulnerability VCID-7w7t-3783-1kbs
5
vulnerability VCID-9t4k-8hsz-bfdw
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-aj7q-x4hc-xbdm
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-ca4q-xd4v-vqfe
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-fmfu-81xu-pfdy
13
vulnerability VCID-g7kn-gn2m-myc3
14
vulnerability VCID-gnpw-s9hp-wqfs
15
vulnerability VCID-h9g1-7wez-8qft
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-hq36-9ntc-akez
18
vulnerability VCID-m3us-9sft-wbh8
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-nzcm-xbxx-wyf9
22
vulnerability VCID-p2m9-rejx-e3e9
23
vulnerability VCID-pkve-yjqy-syc2
24
vulnerability VCID-qmfy-dxag-uuex
25
vulnerability VCID-r1eg-dwej-5kau
26
vulnerability VCID-ru3j-21j8-ayhm
27
vulnerability VCID-tsdn-bu3d-ubaf
28
vulnerability VCID-tv7h-289s-xub4
29
vulnerability VCID-uy47-3s8a-hbdn
30
vulnerability VCID-wgdv-etcq-3qhw
31
vulnerability VCID-xg74-3h1h-kqaf
32
vulnerability VCID-xm4q-u96p-57dd
33
vulnerability VCID-y8et-m846-2fc6
34
vulnerability VCID-ytbc-8mhd-b3fc
35
vulnerability VCID-yxuh-bxh5-z3cw
36
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
2
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-n4fk-735u-2baw
12
vulnerability VCID-pkve-yjqy-syc2
13
vulnerability VCID-qmfy-dxag-uuex
14
vulnerability VCID-ru3j-21j8-ayhm
15
vulnerability VCID-tv7h-289s-xub4
16
vulnerability VCID-uy47-3s8a-hbdn
17
vulnerability VCID-wgdv-etcq-3qhw
18
vulnerability VCID-xm4q-u96p-57dd
19
vulnerability VCID-ytbc-8mhd-b3fc
20
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
3
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-5dt7-nc8t-nqgh
3
vulnerability VCID-7gak-15m5-j3f5
4
vulnerability VCID-7w7t-3783-1kbs
5
vulnerability VCID-9t4k-8hsz-bfdw
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-ca4q-xd4v-vqfe
9
vulnerability VCID-fmfu-81xu-pfdy
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-hcuz-gz3w-97ew
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-pkve-yjqy-syc2
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-ru3j-21j8-ayhm
16
vulnerability VCID-tv7h-289s-xub4
17
vulnerability VCID-uy47-3s8a-hbdn
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xm4q-u96p-57dd
20
vulnerability VCID-ytbc-8mhd-b3fc
21
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-14273, GHSA-43jj-2rwc-2m3f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkex-ht2r-cucz
40
url VCID-n4fk-735u-2baw
vulnerability_id VCID-n4fk-735u-2baw
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
SilverStripe Framework suffers from a XSS vulnerablity.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36150
reference_id
reference_type
scores
0
value 0.00372
scoring_system epss
scoring_elements 0.5931
published_at 2026-06-05T12:55:00Z
1
value 0.00372
scoring_system epss
scoring_elements 0.5926
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36150
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/releases
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-36150
reference_id CVE-2021-36150
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-36150
5
reference_url https://www.silverstripe.org/download/security-releases/CVE-2021-36150
reference_id CVE-2021-36150
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2021-36150
6
reference_url https://github.com/advisories/GHSA-j66h-cc96-c32q
reference_id GHSA-j66h-cc96-c32q
reference_type
scores
url https://github.com/advisories/GHSA-j66h-cc96-c32q
fixed_packages
0
url pkg:composer/silverstripe/framework@4.9.0-alpha1
purl pkg:composer/silverstripe/framework@4.9.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-uy47-3s8a-hbdn
12
vulnerability VCID-xm4q-u96p-57dd
13
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0-alpha1
1
url pkg:composer/silverstripe/framework@4.9.0
purl pkg:composer/silverstripe/framework@4.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-uy47-3s8a-hbdn
12
vulnerability VCID-xm4q-u96p-57dd
13
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0
aliases CVE-2021-36150, GHSA-j66h-cc96-c32q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n4fk-735u-2baw
41
url VCID-nu3h-nb1g-67bs
vulnerability_id VCID-nu3h-nb1g-67bs
summary 
Improper Input Validation
`HtmlEditor` improper URL sanitisation.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2015-027/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2015-027/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.1
purl pkg:composer/silverstripe/framework@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9hf4-djcv-67d7
8
vulnerability VCID-9y5u-qyzd-3ud9
9
vulnerability VCID-a7cf-kpzy-xudd
10
vulnerability VCID-at1s-qxsg-5yfs
11
vulnerability VCID-b6nm-cphj-wfgw
12
vulnerability VCID-b95v-49p7-fkas
13
vulnerability VCID-c437-w2zy-y7c9
14
vulnerability VCID-c6bz-jwhm-vkgp
15
vulnerability VCID-cmwn-cjff-9qau
16
vulnerability VCID-cqjc-tsv5-7beg
17
vulnerability VCID-ecy2-x3a9-qbbx
18
vulnerability VCID-evh4-xq48-4fa6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-ggbg-8mtc-hudc
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-heyh-s54f-8qap
25
vulnerability VCID-hnhv-qx7p-wqcw
26
vulnerability VCID-hnme-cqff-c7dp
27
vulnerability VCID-m5rs-qptc-vued
28
vulnerability VCID-mkex-ht2r-cucz
29
vulnerability VCID-n4fk-735u-2baw
30
vulnerability VCID-nute-ndg2-z7ev
31
vulnerability VCID-pkve-yjqy-syc2
32
vulnerability VCID-q939-fszs-wfdp
33
vulnerability VCID-qdwg-f2bx-1bay
34
vulnerability VCID-qj5k-bcw3-5fgq
35
vulnerability VCID-qmfy-dxag-uuex
36
vulnerability VCID-r1eg-dwej-5kau
37
vulnerability VCID-rrmd-ud59-ffbp
38
vulnerability VCID-sg62-98yy-2kd7
39
vulnerability VCID-t81f-5b8z-hyht
40
vulnerability VCID-tv7h-289s-xub4
41
vulnerability VCID-umhc-fdfh-1fdx
42
vulnerability VCID-uy47-3s8a-hbdn
43
vulnerability VCID-vatm-1vbd-bfam
44
vulnerability VCID-wgdv-etcq-3qhw
45
vulnerability VCID-xg74-3h1h-kqaf
46
vulnerability VCID-y8et-m846-2fc6
47
vulnerability VCID-z28b-1yrx-1bbn
48
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1
1
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9y5u-qyzd-3ud9
1
vulnerability VCID-a7cf-kpzy-xudd
2
vulnerability VCID-gnpw-s9hp-wqfs
3
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-027-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nu3h-nb1g-67bs
42
url VCID-nute-ndg2-z7ev
vulnerability_id VCID-nute-ndg2-z7ev
summary 
Cross-site Scripting
SilverStripe has Flash Clipboard Reflected XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12205
reference_id
reference_type
scores
0
value 0.00378
scoring_system epss
scoring_elements 0.59631
published_at 2026-06-04T12:55:00Z
1
value 0.00378
scoring_system epss
scoring_elements 0.59681
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12205
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml
3
reference_url https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12205
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12205
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12205
reference_id CVE-2019-12205
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12205
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12205
reference_id CVE-2019-12205
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12205
9
reference_url https://github.com/advisories/GHSA-rfvw-5848-gxc5
reference_id GHSA-rfvw-5848-gxc5
reference_type
scores
url https://github.com/advisories/GHSA-rfvw-5848-gxc5
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-n4fk-735u-2baw
12
vulnerability VCID-nzcm-xbxx-wyf9
13
vulnerability VCID-pkve-yjqy-syc2
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-ru3j-21j8-ayhm
16
vulnerability VCID-tv7h-289s-xub4
17
vulnerability VCID-uy47-3s8a-hbdn
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xm4q-u96p-57dd
20
vulnerability VCID-ytbc-8mhd-b3fc
21
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-n4fk-735u-2baw
12
vulnerability VCID-pkve-yjqy-syc2
13
vulnerability VCID-qmfy-dxag-uuex
14
vulnerability VCID-ru3j-21j8-ayhm
15
vulnerability VCID-tv7h-289s-xub4
16
vulnerability VCID-uy47-3s8a-hbdn
17
vulnerability VCID-wgdv-etcq-3qhw
18
vulnerability VCID-xm4q-u96p-57dd
19
vulnerability VCID-ytbc-8mhd-b3fc
20
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
2
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-5dt7-nc8t-nqgh
3
vulnerability VCID-7gak-15m5-j3f5
4
vulnerability VCID-7w7t-3783-1kbs
5
vulnerability VCID-9t4k-8hsz-bfdw
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-ca4q-xd4v-vqfe
9
vulnerability VCID-fmfu-81xu-pfdy
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-hcuz-gz3w-97ew
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-pkve-yjqy-syc2
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-ru3j-21j8-ayhm
16
vulnerability VCID-tv7h-289s-xub4
17
vulnerability VCID-uy47-3s8a-hbdn
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xm4q-u96p-57dd
20
vulnerability VCID-ytbc-8mhd-b3fc
21
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12205, GHSA-rfvw-5848-gxc5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nute-ndg2-z7ev
43
url VCID-pkve-yjqy-syc2
vulnerability_id VCID-pkve-yjqy-syc2
summary 
SilverStripe Web Cache Poisoning through HTTPRequestBuilder
SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19326
reference_id
reference_type
scores
0
value 0.00209
scoring_system epss
scoring_elements 0.43423
published_at 2026-06-05T12:55:00Z
1
value 0.00209
scoring_system epss
scoring_elements 0.4335
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19326
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a
5
reference_url https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19326
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19326
7
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-19326
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-19326
8
reference_url https://github.com/advisories/GHSA-q9ff-3q93-fm8m
reference_id GHSA-q9ff-3q93-fm8m
reference_type
scores
url https://github.com/advisories/GHSA-q9ff-3q93-fm8m
fixed_packages
0
url pkg:composer/silverstripe/framework@3.7.5
purl pkg:composer/silverstripe/framework@3.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-9y5u-qyzd-3ud9
2
vulnerability VCID-a7cf-kpzy-xudd
3
vulnerability VCID-gnpw-s9hp-wqfs
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-n4fk-735u-2baw
6
vulnerability VCID-qmfy-dxag-uuex
7
vulnerability VCID-tv7h-289s-xub4
8
vulnerability VCID-uy47-3s8a-hbdn
9
vulnerability VCID-wgdv-etcq-3qhw
10
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5
1
url pkg:composer/silverstripe/framework@4.4.7
purl pkg:composer/silverstripe/framework@4.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-n4fk-735u-2baw
12
vulnerability VCID-qmfy-dxag-uuex
13
vulnerability VCID-tv7h-289s-xub4
14
vulnerability VCID-uy47-3s8a-hbdn
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xm4q-u96p-57dd
17
vulnerability VCID-ytbc-8mhd-b3fc
18
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7
2
url pkg:composer/silverstripe/framework@4.5.4
purl pkg:composer/silverstripe/framework@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-n4fk-735u-2baw
12
vulnerability VCID-qmfy-dxag-uuex
13
vulnerability VCID-tv7h-289s-xub4
14
vulnerability VCID-uy47-3s8a-hbdn
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xm4q-u96p-57dd
17
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4
aliases CVE-2019-19326, GHSA-q9ff-3q93-fm8m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pkve-yjqy-syc2
44
url VCID-q939-fszs-wfdp
vulnerability_id VCID-q939-fszs-wfdp
summary 
CSRF vulnerability in savetreenodes
`savetreenode` action does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a
1
reference_url http://www.silverstripe.org/download/security-releases/ss-2015-029
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2015-029
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9ugf-duna-xfgy
10
vulnerability VCID-9y5u-qyzd-3ud9
11
vulnerability VCID-a7cf-kpzy-xudd
12
vulnerability VCID-at1s-qxsg-5yfs
13
vulnerability VCID-b6nm-cphj-wfgw
14
vulnerability VCID-b95v-49p7-fkas
15
vulnerability VCID-c437-w2zy-y7c9
16
vulnerability VCID-c6bz-jwhm-vkgp
17
vulnerability VCID-cmwn-cjff-9qau
18
vulnerability VCID-czh2-w6fk-xqd6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-excr-b2pz-jydm
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-hnme-cqff-c7dp
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n1mj-u4yk-jqhn
27
vulnerability VCID-n4fk-735u-2baw
28
vulnerability VCID-nute-ndg2-z7ev
29
vulnerability VCID-pkve-yjqy-syc2
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-v9ch-up34-nuab
40
vulnerability VCID-vatg-guxu-2ud7
41
vulnerability VCID-wgdv-etcq-3qhw
42
vulnerability VCID-xg74-3h1h-kqaf
43
vulnerability VCID-xsgv-a7bd-fqh8
44
vulnerability VCID-y6gd-vy49-17b4
45
vulnerability VCID-y8et-m846-2fc6
46
vulnerability VCID-z28b-1yrx-1bbn
47
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-at1s-qxsg-5yfs
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-b95v-49p7-fkas
14
vulnerability VCID-c437-w2zy-y7c9
15
vulnerability VCID-c6bz-jwhm-vkgp
16
vulnerability VCID-cmwn-cjff-9qau
17
vulnerability VCID-czh2-w6fk-xqd6
18
vulnerability VCID-ewg1-jqza-eyez
19
vulnerability VCID-gkkp-9fm7-jfaz
20
vulnerability VCID-gnpw-s9hp-wqfs
21
vulnerability VCID-hcuz-gz3w-97ew
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-mkex-ht2r-cucz
24
vulnerability VCID-n1mj-u4yk-jqhn
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nute-ndg2-z7ev
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-qdwg-f2bx-1bay
29
vulnerability VCID-qj5k-bcw3-5fgq
30
vulnerability VCID-qmfy-dxag-uuex
31
vulnerability VCID-r1eg-dwej-5kau
32
vulnerability VCID-sg62-98yy-2kd7
33
vulnerability VCID-t81f-5b8z-hyht
34
vulnerability VCID-tv7h-289s-xub4
35
vulnerability VCID-umhc-fdfh-1fdx
36
vulnerability VCID-uy47-3s8a-hbdn
37
vulnerability VCID-vatg-guxu-2ud7
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-xsgv-a7bd-fqh8
41
vulnerability VCID-y6gd-vy49-17b4
42
vulnerability VCID-y8et-m846-2fc6
43
vulnerability VCID-z28b-1yrx-1bbn
44
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9ugf-duna-xfgy
10
vulnerability VCID-9y5u-qyzd-3ud9
11
vulnerability VCID-a7cf-kpzy-xudd
12
vulnerability VCID-at1s-qxsg-5yfs
13
vulnerability VCID-b6nm-cphj-wfgw
14
vulnerability VCID-b95v-49p7-fkas
15
vulnerability VCID-c437-w2zy-y7c9
16
vulnerability VCID-c6bz-jwhm-vkgp
17
vulnerability VCID-cmwn-cjff-9qau
18
vulnerability VCID-czh2-w6fk-xqd6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-excr-b2pz-jydm
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-hnme-cqff-c7dp
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n1mj-u4yk-jqhn
27
vulnerability VCID-n4fk-735u-2baw
28
vulnerability VCID-nute-ndg2-z7ev
29
vulnerability VCID-pkve-yjqy-syc2
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-v9ch-up34-nuab
40
vulnerability VCID-vatg-guxu-2ud7
41
vulnerability VCID-wgdv-etcq-3qhw
42
vulnerability VCID-xg74-3h1h-kqaf
43
vulnerability VCID-y6gd-vy49-17b4
44
vulnerability VCID-y8et-m846-2fc6
45
vulnerability VCID-z28b-1yrx-1bbn
46
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-at1s-qxsg-5yfs
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-b95v-49p7-fkas
14
vulnerability VCID-c437-w2zy-y7c9
15
vulnerability VCID-c6bz-jwhm-vkgp
16
vulnerability VCID-cmwn-cjff-9qau
17
vulnerability VCID-czh2-w6fk-xqd6
18
vulnerability VCID-ewg1-jqza-eyez
19
vulnerability VCID-gkkp-9fm7-jfaz
20
vulnerability VCID-gnpw-s9hp-wqfs
21
vulnerability VCID-hcuz-gz3w-97ew
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-mkex-ht2r-cucz
24
vulnerability VCID-n1mj-u4yk-jqhn
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nute-ndg2-z7ev
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-qdwg-f2bx-1bay
29
vulnerability VCID-qj5k-bcw3-5fgq
30
vulnerability VCID-qmfy-dxag-uuex
31
vulnerability VCID-r1eg-dwej-5kau
32
vulnerability VCID-sg62-98yy-2kd7
33
vulnerability VCID-t81f-5b8z-hyht
34
vulnerability VCID-tv7h-289s-xub4
35
vulnerability VCID-umhc-fdfh-1fdx
36
vulnerability VCID-uy47-3s8a-hbdn
37
vulnerability VCID-vatg-guxu-2ud7
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-y6gd-vy49-17b4
41
vulnerability VCID-y8et-m846-2fc6
42
vulnerability VCID-z28b-1yrx-1bbn
43
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-7jm4-cjg3-rkcz
9
vulnerability VCID-9hf4-djcv-67d7
10
vulnerability VCID-9ugf-duna-xfgy
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-at1s-qxsg-5yfs
14
vulnerability VCID-b6nm-cphj-wfgw
15
vulnerability VCID-b95v-49p7-fkas
16
vulnerability VCID-c437-w2zy-y7c9
17
vulnerability VCID-c6bz-jwhm-vkgp
18
vulnerability VCID-cmwn-cjff-9qau
19
vulnerability VCID-czh2-w6fk-xqd6
20
vulnerability VCID-ewg1-jqza-eyez
21
vulnerability VCID-excr-b2pz-jydm
22
vulnerability VCID-gkkp-9fm7-jfaz
23
vulnerability VCID-gnpw-s9hp-wqfs
24
vulnerability VCID-hcuz-gz3w-97ew
25
vulnerability VCID-hnme-cqff-c7dp
26
vulnerability VCID-mkex-ht2r-cucz
27
vulnerability VCID-n1mj-u4yk-jqhn
28
vulnerability VCID-n4fk-735u-2baw
29
vulnerability VCID-nute-ndg2-z7ev
30
vulnerability VCID-pkve-yjqy-syc2
31
vulnerability VCID-qdwg-f2bx-1bay
32
vulnerability VCID-qj5k-bcw3-5fgq
33
vulnerability VCID-qmfy-dxag-uuex
34
vulnerability VCID-r1eg-dwej-5kau
35
vulnerability VCID-sg62-98yy-2kd7
36
vulnerability VCID-t81f-5b8z-hyht
37
vulnerability VCID-tv7h-289s-xub4
38
vulnerability VCID-umhc-fdfh-1fdx
39
vulnerability VCID-uy47-3s8a-hbdn
40
vulnerability VCID-v9ch-up34-nuab
41
vulnerability VCID-vatg-guxu-2ud7
42
vulnerability VCID-wgdv-etcq-3qhw
43
vulnerability VCID-xg74-3h1h-kqaf
44
vulnerability VCID-y6gd-vy49-17b4
45
vulnerability VCID-y8et-m846-2fc6
46
vulnerability VCID-z28b-1yrx-1bbn
47
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-7jm4-cjg3-rkcz
9
vulnerability VCID-9hf4-djcv-67d7
10
vulnerability VCID-9y5u-qyzd-3ud9
11
vulnerability VCID-a7cf-kpzy-xudd
12
vulnerability VCID-at1s-qxsg-5yfs
13
vulnerability VCID-b6nm-cphj-wfgw
14
vulnerability VCID-b95v-49p7-fkas
15
vulnerability VCID-c437-w2zy-y7c9
16
vulnerability VCID-c6bz-jwhm-vkgp
17
vulnerability VCID-cmwn-cjff-9qau
18
vulnerability VCID-czh2-w6fk-xqd6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-f4hv-79km-3ygt
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-hnme-cqff-c7dp
25
vulnerability VCID-mkex-ht2r-cucz
26
vulnerability VCID-n1mj-u4yk-jqhn
27
vulnerability VCID-n4fk-735u-2baw
28
vulnerability VCID-nute-ndg2-z7ev
29
vulnerability VCID-pkve-yjqy-syc2
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qj5k-bcw3-5fgq
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-umhc-fdfh-1fdx
38
vulnerability VCID-uy47-3s8a-hbdn
39
vulnerability VCID-vatg-guxu-2ud7
40
vulnerability VCID-wgdv-etcq-3qhw
41
vulnerability VCID-xg74-3h1h-kqaf
42
vulnerability VCID-y6gd-vy49-17b4
43
vulnerability VCID-y8et-m846-2fc6
44
vulnerability VCID-z28b-1yrx-1bbn
45
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2015-029
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q939-fszs-wfdp
45
url VCID-qdwg-f2bx-1bay
vulnerability_id VCID-qdwg-f2bx-1bay
summary 
Injection Vulnerability
In the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18049
reference_id
reference_type
scores
0
value 0.00212
scoring_system epss
scoring_elements 0.43781
published_at 2026-06-05T12:55:00Z
1
value 0.00212
scoring_system epss
scoring_elements 0.43711
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18049
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://www.exploit-db.com/exploits/43396
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/43396
3
reference_url https://www.exploit-db.com/exploits/43396/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/43396/
4
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-007
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-007
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-18049
reference_id CVE-2017-18049
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-18049
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.6-rc1
purl pkg:composer/silverstripe/framework@3.5.6-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-37d1-tt74-yyfm
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-9y5u-qyzd-3ud9
5
vulnerability VCID-a7cf-kpzy-xudd
6
vulnerability VCID-aygc-4nhm-n7eq
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-fm87-te3v-pkc8
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-hcuz-gz3w-97ew
12
vulnerability VCID-mkex-ht2r-cucz
13
vulnerability VCID-n4fk-735u-2baw
14
vulnerability VCID-nute-ndg2-z7ev
15
vulnerability VCID-pkve-yjqy-syc2
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-tv7h-289s-xub4
19
vulnerability VCID-u9e7-1zhg-mygt
20
vulnerability VCID-umhc-fdfh-1fdx
21
vulnerability VCID-uy47-3s8a-hbdn
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
25
vulnerability VCID-zdge-zsmz-8ud9
26
vulnerability VCID-znbg-16r4-6ybg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1
1
url pkg:composer/silverstripe/framework@3.5.6
purl pkg:composer/silverstripe/framework@3.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-9y5u-qyzd-3ud9
4
vulnerability VCID-a7cf-kpzy-xudd
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-gnpw-s9hp-wqfs
8
vulnerability VCID-hcuz-gz3w-97ew
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-n4fk-735u-2baw
11
vulnerability VCID-nute-ndg2-z7ev
12
vulnerability VCID-pkve-yjqy-syc2
13
vulnerability VCID-qmfy-dxag-uuex
14
vulnerability VCID-r1eg-dwej-5kau
15
vulnerability VCID-tv7h-289s-xub4
16
vulnerability VCID-u9e7-1zhg-mygt
17
vulnerability VCID-umhc-fdfh-1fdx
18
vulnerability VCID-uy47-3s8a-hbdn
19
vulnerability VCID-wgdv-etcq-3qhw
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6
2
url pkg:composer/silverstripe/framework@3.6.3-rc2
purl pkg:composer/silverstripe/framework@3.6.3-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-37d1-tt74-yyfm
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-9y5u-qyzd-3ud9
5
vulnerability VCID-a7cf-kpzy-xudd
6
vulnerability VCID-aygc-4nhm-n7eq
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-fm87-te3v-pkc8
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-hcuz-gz3w-97ew
12
vulnerability VCID-hq36-9ntc-akez
13
vulnerability VCID-mkex-ht2r-cucz
14
vulnerability VCID-n4fk-735u-2baw
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-pkve-yjqy-syc2
17
vulnerability VCID-qmfy-dxag-uuex
18
vulnerability VCID-r1eg-dwej-5kau
19
vulnerability VCID-tv7h-289s-xub4
20
vulnerability VCID-u9e7-1zhg-mygt
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-uy47-3s8a-hbdn
23
vulnerability VCID-wgdv-etcq-3qhw
24
vulnerability VCID-xg74-3h1h-kqaf
25
vulnerability VCID-y8et-m846-2fc6
26
vulnerability VCID-zdge-zsmz-8ud9
27
vulnerability VCID-znbg-16r4-6ybg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2
3
url pkg:composer/silverstripe/framework@3.6.3
purl pkg:composer/silverstripe/framework@3.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-9y5u-qyzd-3ud9
4
vulnerability VCID-a7cf-kpzy-xudd
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-gnpw-s9hp-wqfs
8
vulnerability VCID-hcuz-gz3w-97ew
9
vulnerability VCID-hq36-9ntc-akez
10
vulnerability VCID-mkex-ht2r-cucz
11
vulnerability VCID-n4fk-735u-2baw
12
vulnerability VCID-nute-ndg2-z7ev
13
vulnerability VCID-pkve-yjqy-syc2
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-r1eg-dwej-5kau
16
vulnerability VCID-tv7h-289s-xub4
17
vulnerability VCID-u9e7-1zhg-mygt
18
vulnerability VCID-umhc-fdfh-1fdx
19
vulnerability VCID-uy47-3s8a-hbdn
20
vulnerability VCID-wgdv-etcq-3qhw
21
vulnerability VCID-xg74-3h1h-kqaf
22
vulnerability VCID-y8et-m846-2fc6
23
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3
4
url pkg:composer/silverstripe/framework@4.0.1-rc1
purl pkg:composer/silverstripe/framework@4.0.1-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-37d1-tt74-yyfm
4
vulnerability VCID-7gak-15m5-j3f5
5
vulnerability VCID-7w7t-3783-1kbs
6
vulnerability VCID-9t4k-8hsz-bfdw
7
vulnerability VCID-9y5u-qyzd-3ud9
8
vulnerability VCID-a1p9-cwzb-kbgb
9
vulnerability VCID-a7cf-kpzy-xudd
10
vulnerability VCID-aj7q-x4hc-xbdm
11
vulnerability VCID-aygc-4nhm-n7eq
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-cmwn-cjff-9qau
15
vulnerability VCID-fm87-te3v-pkc8
16
vulnerability VCID-fmfu-81xu-pfdy
17
vulnerability VCID-g7kn-gn2m-myc3
18
vulnerability VCID-gnpw-s9hp-wqfs
19
vulnerability VCID-h9g1-7wez-8qft
20
vulnerability VCID-hcuz-gz3w-97ew
21
vulnerability VCID-hq36-9ntc-akez
22
vulnerability VCID-m3us-9sft-wbh8
23
vulnerability VCID-n4fk-735u-2baw
24
vulnerability VCID-nute-ndg2-z7ev
25
vulnerability VCID-nzcm-xbxx-wyf9
26
vulnerability VCID-p2m9-rejx-e3e9
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-qmfy-dxag-uuex
29
vulnerability VCID-r1eg-dwej-5kau
30
vulnerability VCID-ru3j-21j8-ayhm
31
vulnerability VCID-tsdn-bu3d-ubaf
32
vulnerability VCID-tv7h-289s-xub4
33
vulnerability VCID-uy47-3s8a-hbdn
34
vulnerability VCID-wgdv-etcq-3qhw
35
vulnerability VCID-xg74-3h1h-kqaf
36
vulnerability VCID-xm4q-u96p-57dd
37
vulnerability VCID-y8et-m846-2fc6
38
vulnerability VCID-ytbc-8mhd-b3fc
39
vulnerability VCID-yxuh-bxh5-z3cw
40
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1
5
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-7gak-15m5-j3f5
4
vulnerability VCID-7w7t-3783-1kbs
5
vulnerability VCID-9t4k-8hsz-bfdw
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-aj7q-x4hc-xbdm
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-ca4q-xd4v-vqfe
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-fmfu-81xu-pfdy
13
vulnerability VCID-g7kn-gn2m-myc3
14
vulnerability VCID-gnpw-s9hp-wqfs
15
vulnerability VCID-h9g1-7wez-8qft
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-hq36-9ntc-akez
18
vulnerability VCID-m3us-9sft-wbh8
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-nzcm-xbxx-wyf9
22
vulnerability VCID-p2m9-rejx-e3e9
23
vulnerability VCID-pkve-yjqy-syc2
24
vulnerability VCID-qmfy-dxag-uuex
25
vulnerability VCID-r1eg-dwej-5kau
26
vulnerability VCID-ru3j-21j8-ayhm
27
vulnerability VCID-tsdn-bu3d-ubaf
28
vulnerability VCID-tv7h-289s-xub4
29
vulnerability VCID-uy47-3s8a-hbdn
30
vulnerability VCID-wgdv-etcq-3qhw
31
vulnerability VCID-xg74-3h1h-kqaf
32
vulnerability VCID-xm4q-u96p-57dd
33
vulnerability VCID-y8et-m846-2fc6
34
vulnerability VCID-ytbc-8mhd-b3fc
35
vulnerability VCID-yxuh-bxh5-z3cw
36
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
aliases CVE-2017-18049, GHSA-2jvj-mhf2-g99w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdwg-f2bx-1bay
46
url VCID-qmfy-dxag-uuex
vulnerability_id VCID-qmfy-dxag-uuex
summary 
Improper Authentication
In SilverStripe, GraphQL does not honour MFA (multi-factor authentication) when using basic authentication.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26136
reference_id
reference_type
scores
0
value 0.00216
scoring_system epss
scoring_elements 0.44223
published_at 2026-06-05T12:55:00Z
1
value 0.00216
scoring_system epss
scoring_elements 0.44155
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26136
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml
3
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26136
reference_id CVE-2020-26136
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26136
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-26136
reference_id CVE-2020-26136
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2020-26136
8
reference_url https://github.com/advisories/GHSA-mg2g-8pwj-r2j2
reference_id GHSA-mg2g-8pwj-r2j2
reference_type
scores
url https://github.com/advisories/GHSA-mg2g-8pwj-r2j2
fixed_packages
0
url pkg:composer/silverstripe/framework@4.6.0
purl pkg:composer/silverstripe/framework@4.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-n4fk-735u-2baw
12
vulnerability VCID-uy47-3s8a-hbdn
13
vulnerability VCID-xm4q-u96p-57dd
14
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0
aliases CVE-2020-26136, GHSA-mg2g-8pwj-r2j2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qmfy-dxag-uuex
47
url VCID-r1eg-dwej-5kau
vulnerability_id VCID-r1eg-dwej-5kau
summary 
Cross-Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12437
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.41982
published_at 2026-06-04T12:55:00Z
1
value 0.002
scoring_system epss
scoring_elements 0.42056
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12437
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml
3
reference_url https://github.com/silverstripe/silverstripe-graphql
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql
4
reference_url https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c
5
reference_url https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff
6
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
url https://www.silverstripe.org/blog/tag/release
7
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12437
reference_id CVE-2019-12437
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12437
9
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12437
reference_id CVE-2019-12437
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12437
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-n4fk-735u-2baw
12
vulnerability VCID-nzcm-xbxx-wyf9
13
vulnerability VCID-pkve-yjqy-syc2
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-ru3j-21j8-ayhm
16
vulnerability VCID-tv7h-289s-xub4
17
vulnerability VCID-uy47-3s8a-hbdn
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xm4q-u96p-57dd
20
vulnerability VCID-ytbc-8mhd-b3fc
21
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
aliases CVE-2019-12437, GHSA-fx37-56v6-85q6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1eg-dwej-5kau
48
url VCID-sfyd-qn7r-eqdg
vulnerability_id VCID-sfyd-qn7r-eqdg
summary 
Silverstripe CMS Open Redirect
Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.
references
0
reference_url http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt
1
reference_url http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5062
reference_id
reference_type
scores
0
value 0.00347
scoring_system epss
scoring_elements 0.57558
published_at 2026-06-04T12:55:00Z
1
value 0.00347
scoring_system epss
scoring_elements 0.57611
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5062
3
reference_url https://web.archive.org/web/20200228091958/http://www.securityfocus.com/bid/75419
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228091958/http://www.securityfocus.com/bid/75419
4
reference_url https://web.archive.org/web/20201209000421/http://www.securityfocus.com/archive/1/535716/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201209000421/http://www.securityfocus.com/archive/1/535716/100/0/threaded
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5062
reference_id CVE-2015-5062
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5062
6
reference_url https://github.com/advisories/GHSA-fh35-p8ph-p545
reference_id GHSA-fh35-p8ph-p545
reference_type
scores
url https://github.com/advisories/GHSA-fh35-p8ph-p545
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.14-rc1
purl pkg:composer/silverstripe/framework@3.1.14-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-4n9x-x4kd-jyfu
7
vulnerability VCID-554z-dzgc-2fgz
8
vulnerability VCID-7ek4-6y31-1qcs
9
vulnerability VCID-7hxq-cp29-r7dh
10
vulnerability VCID-8m1h-utem-jud3
11
vulnerability VCID-9hf4-djcv-67d7
12
vulnerability VCID-9y5u-qyzd-3ud9
13
vulnerability VCID-a7cf-kpzy-xudd
14
vulnerability VCID-at1s-qxsg-5yfs
15
vulnerability VCID-b6nm-cphj-wfgw
16
vulnerability VCID-b7xq-cz8w-ubgm
17
vulnerability VCID-b95v-49p7-fkas
18
vulnerability VCID-c437-w2zy-y7c9
19
vulnerability VCID-c6bz-jwhm-vkgp
20
vulnerability VCID-cmwn-cjff-9qau
21
vulnerability VCID-cqjc-tsv5-7beg
22
vulnerability VCID-ecy2-x3a9-qbbx
23
vulnerability VCID-evh4-xq48-4fa6
24
vulnerability VCID-ewg1-jqza-eyez
25
vulnerability VCID-ggbg-8mtc-hudc
26
vulnerability VCID-gkkp-9fm7-jfaz
27
vulnerability VCID-gnpw-s9hp-wqfs
28
vulnerability VCID-h4k6-fruf-uqff
29
vulnerability VCID-hcuz-gz3w-97ew
30
vulnerability VCID-heyh-s54f-8qap
31
vulnerability VCID-hnhv-qx7p-wqcw
32
vulnerability VCID-hnme-cqff-c7dp
33
vulnerability VCID-m5rs-qptc-vued
34
vulnerability VCID-mkex-ht2r-cucz
35
vulnerability VCID-n4fk-735u-2baw
36
vulnerability VCID-nu3h-nb1g-67bs
37
vulnerability VCID-nute-ndg2-z7ev
38
vulnerability VCID-pkve-yjqy-syc2
39
vulnerability VCID-q939-fszs-wfdp
40
vulnerability VCID-qdwg-f2bx-1bay
41
vulnerability VCID-qj5k-bcw3-5fgq
42
vulnerability VCID-qmfy-dxag-uuex
43
vulnerability VCID-r1eg-dwej-5kau
44
vulnerability VCID-rrmd-ud59-ffbp
45
vulnerability VCID-sg62-98yy-2kd7
46
vulnerability VCID-t81f-5b8z-hyht
47
vulnerability VCID-tv7h-289s-xub4
48
vulnerability VCID-twrb-6j51-aqcy
49
vulnerability VCID-umhc-fdfh-1fdx
50
vulnerability VCID-uy47-3s8a-hbdn
51
vulnerability VCID-vatm-1vbd-bfam
52
vulnerability VCID-wgdv-etcq-3qhw
53
vulnerability VCID-xg74-3h1h-kqaf
54
vulnerability VCID-xsgv-a7bd-fqh8
55
vulnerability VCID-y8et-m846-2fc6
56
vulnerability VCID-yfuu-th6b-nba4
57
vulnerability VCID-z28b-1yrx-1bbn
58
vulnerability VCID-zca8-91sf-qkb4
59
vulnerability VCID-zckr-zxq4-jyev
60
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14-rc1
aliases CVE-2015-5062, GHSA-fh35-p8ph-p545
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sfyd-qn7r-eqdg
49
url VCID-sg62-98yy-2kd7
vulnerability_id VCID-sg62-98yy-2kd7
summary 
Incorrect Authorization
Default SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28661
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37842
published_at 2026-06-05T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.37751
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28661
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml
2
reference_url https://github.com/silverstripe/silverstripe-graphql
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql
3
reference_url https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed
4
reference_url https://github.com/silverstripe/silverstripe-graphql/releases
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/releases
5
reference_url https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28661
reference_id CVE-2021-28661
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28661
7
reference_url https://www.silverstripe.org/download/security-releases/CVE-2021-28661
reference_id CVE-2021-28661
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2021-28661
8
reference_url https://github.com/advisories/GHSA-r7rh-g777-g5gx
reference_id GHSA-r7rh-g777-g5gx
reference_type
scores
url https://github.com/advisories/GHSA-r7rh-g777-g5gx
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.2
purl pkg:composer/silverstripe/framework@3.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-37d1-tt74-yyfm
3
vulnerability VCID-3j6f-5c14-uubc
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4qjj-wqg5-dbay
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9y5u-qyzd-3ud9
8
vulnerability VCID-a7cf-kpzy-xudd
9
vulnerability VCID-aygc-4nhm-n7eq
10
vulnerability VCID-b6nm-cphj-wfgw
11
vulnerability VCID-b95v-49p7-fkas
12
vulnerability VCID-bwrh-updj-zkfs
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-fm87-te3v-pkc8
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-h1y5-n4b7-ckg6
17
vulnerability VCID-hcuz-gz3w-97ew
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-pkve-yjqy-syc2
22
vulnerability VCID-qdwg-f2bx-1bay
23
vulnerability VCID-qmfy-dxag-uuex
24
vulnerability VCID-r1eg-dwej-5kau
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-zdge-zsmz-8ud9
32
vulnerability VCID-znbg-16r4-6ybg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2
aliases CVE-2021-28661, GHSA-r7rh-g777-g5gx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sg62-98yy-2kd7
50
url VCID-t81f-5b8z-hyht
vulnerability_id VCID-t81f-5b8z-hyht
summary 
XSS In page name
SilverStripe is vulnerable to XSS via the page name. For instance, page name `"><svg/onload=alert(/xss/)>` will trigger an XSS alert.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d
1
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-001/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2017-001/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.4.4-rc1
purl pkg:composer/silverstripe/framework@3.4.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3j6f-5c14-uubc
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4qjj-wqg5-dbay
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-bwrh-updj-zkfs
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-n4fk-735u-2baw
16
vulnerability VCID-njph-ua7r-auaq
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-pkve-yjqy-syc2
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-qmfy-dxag-uuex
21
vulnerability VCID-r1eg-dwej-5kau
22
vulnerability VCID-sg62-98yy-2kd7
23
vulnerability VCID-tv7h-289s-xub4
24
vulnerability VCID-umhc-fdfh-1fdx
25
vulnerability VCID-uy47-3s8a-hbdn
26
vulnerability VCID-wgdv-etcq-3qhw
27
vulnerability VCID-xg74-3h1h-kqaf
28
vulnerability VCID-y8et-m846-2fc6
29
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1
1
url pkg:composer/silverstripe/framework@3.5.2-rc1
purl pkg:composer/silverstripe/framework@3.5.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-37d1-tt74-yyfm
3
vulnerability VCID-3j6f-5c14-uubc
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4qjj-wqg5-dbay
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9y5u-qyzd-3ud9
8
vulnerability VCID-a7cf-kpzy-xudd
9
vulnerability VCID-aygc-4nhm-n7eq
10
vulnerability VCID-b6nm-cphj-wfgw
11
vulnerability VCID-b95v-49p7-fkas
12
vulnerability VCID-bwrh-updj-zkfs
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-fm87-te3v-pkc8
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-h1y5-n4b7-ckg6
17
vulnerability VCID-hcuz-gz3w-97ew
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-njph-ua7r-auaq
21
vulnerability VCID-nute-ndg2-z7ev
22
vulnerability VCID-pkve-yjqy-syc2
23
vulnerability VCID-qdwg-f2bx-1bay
24
vulnerability VCID-qmfy-dxag-uuex
25
vulnerability VCID-r1eg-dwej-5kau
26
vulnerability VCID-sg62-98yy-2kd7
27
vulnerability VCID-tv7h-289s-xub4
28
vulnerability VCID-umhc-fdfh-1fdx
29
vulnerability VCID-uy47-3s8a-hbdn
30
vulnerability VCID-wgdv-etcq-3qhw
31
vulnerability VCID-xg74-3h1h-kqaf
32
vulnerability VCID-y8et-m846-2fc6
33
vulnerability VCID-zdge-zsmz-8ud9
34
vulnerability VCID-znbg-16r4-6ybg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1
aliases SS-2017-001
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t81f-5b8z-hyht
51
url VCID-tv7h-289s-xub4
vulnerability_id VCID-tv7h-289s-xub4
summary 
Improper Restriction of XML External Entity Reference
SilverStripe has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25817
reference_id
reference_type
scores
0
value 0.00348
scoring_system epss
scoring_elements 0.5767
published_at 2026-06-05T12:55:00Z
1
value 0.00348
scoring_system epss
scoring_elements 0.57618
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25817
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2021-25817
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2021-25817
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25817
reference_id CVE-2020-25817
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25817
8
reference_url https://github.com/advisories/GHSA-3vjc-5x79-m9r8
reference_id GHSA-3vjc-5x79-m9r8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3vjc-5x79-m9r8
fixed_packages
0
url pkg:composer/silverstripe/framework@4.6.0
purl pkg:composer/silverstripe/framework@4.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-n4fk-735u-2baw
12
vulnerability VCID-uy47-3s8a-hbdn
13
vulnerability VCID-xm4q-u96p-57dd
14
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0
1
url pkg:composer/silverstripe/framework@4.7.4
purl pkg:composer/silverstripe/framework@4.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-n4fk-735u-2baw
12
vulnerability VCID-uy47-3s8a-hbdn
13
vulnerability VCID-xm4q-u96p-57dd
14
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4
aliases CVE-2020-25817, GHSA-3vjc-5x79-m9r8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tv7h-289s-xub4
52
url VCID-umhc-fdfh-1fdx
vulnerability_id VCID-umhc-fdfh-1fdx
summary 
Cross-site Scripting
In SilverStripe, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9311
reference_id
reference_type
scores
0
value 0.00343
scoring_system epss
scoring_elements 0.57206
published_at 2026-06-05T12:55:00Z
1
value 0.00343
scoring_system epss
scoring_elements 0.57155
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9311
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml
2
reference_url https://github.com/silverstripe/silverstripe-cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-cms
3
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-9311
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2020-9311
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9311
reference_id CVE-2020-9311
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9311
5
reference_url https://www.silverstripe.org/download/security-releases/CVE-2020-9311
reference_id CVE-2020-9311
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2020-9311
6
reference_url https://github.com/advisories/GHSA-2pw2-qpcp-m47x
reference_id GHSA-2pw2-qpcp-m47x
reference_type
scores
url https://github.com/advisories/GHSA-2pw2-qpcp-m47x
fixed_packages
0
url pkg:composer/silverstripe/framework@3.7.5
purl pkg:composer/silverstripe/framework@3.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-9y5u-qyzd-3ud9
2
vulnerability VCID-a7cf-kpzy-xudd
3
vulnerability VCID-gnpw-s9hp-wqfs
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-n4fk-735u-2baw
6
vulnerability VCID-qmfy-dxag-uuex
7
vulnerability VCID-tv7h-289s-xub4
8
vulnerability VCID-uy47-3s8a-hbdn
9
vulnerability VCID-wgdv-etcq-3qhw
10
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5
aliases CVE-2020-9311, GHSA-2pw2-qpcp-m47x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-umhc-fdfh-1fdx
53
url VCID-uy47-3s8a-hbdn
vulnerability_id VCID-uy47-3s8a-hbdn
summary 
Silverstipe CMS Stored XSS in custom meta tags
A malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut.
This requires CMS access to exploit.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-37421
reference_id
reference_type
scores
0
value 0.00322
scoring_system epss
scoring_elements 0.55551
published_at 2026-06-05T12:55:00Z
1
value 0.00322
scoring_system epss
scoring_elements 0.55495
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-37421
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-37421
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-37421
4
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/
url https://www.silverstripe.org/blog/tag/release
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2022-37421
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2022-37421
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2022-37421
reference_id CVE-2022-37421
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/
url https://www.silverstripe.org/download/security-releases/CVE-2022-37421
9
reference_url https://github.com/advisories/GHSA-pp74-g2q5-j4jf
reference_id GHSA-pp74-g2q5-j4jf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pp74-g2q5-j4jf
fixed_packages
0
url pkg:composer/silverstripe/framework@4.11.3
purl pkg:composer/silverstripe/framework@4.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7gak-15m5-j3f5
1
vulnerability VCID-7w7t-3783-1kbs
2
vulnerability VCID-9t4k-8hsz-bfdw
3
vulnerability VCID-9y5u-qyzd-3ud9
4
vulnerability VCID-a7cf-kpzy-xudd
5
vulnerability VCID-ca4q-xd4v-vqfe
6
vulnerability VCID-gnpw-s9hp-wqfs
7
vulnerability VCID-xm4q-u96p-57dd
8
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.3
aliases CVE-2022-37421, GHSA-pp74-g2q5-j4jf, GMS-2022-6855
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uy47-3s8a-hbdn
54
url VCID-uyxp-7fh1-77cg
vulnerability_id VCID-uyxp-7fh1-77cg
summary 
Code Injection
Vulnerability on `isDev`, `isTest` and `flush` `$_GET` validation.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-014/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-014/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.0.14
purl pkg:composer/silverstripe/framework@3.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4n9x-x4kd-jyfu
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-8m1h-utem-jud3
9
vulnerability VCID-96f5-5qyr-g7d5
10
vulnerability VCID-9hf4-djcv-67d7
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-at1s-qxsg-5yfs
14
vulnerability VCID-b6nm-cphj-wfgw
15
vulnerability VCID-b7xq-cz8w-ubgm
16
vulnerability VCID-b95v-49p7-fkas
17
vulnerability VCID-c437-w2zy-y7c9
18
vulnerability VCID-c6bz-jwhm-vkgp
19
vulnerability VCID-cmwn-cjff-9qau
20
vulnerability VCID-cqjc-tsv5-7beg
21
vulnerability VCID-ecy2-x3a9-qbbx
22
vulnerability VCID-evh4-xq48-4fa6
23
vulnerability VCID-ewg1-jqza-eyez
24
vulnerability VCID-ggbg-8mtc-hudc
25
vulnerability VCID-gkkp-9fm7-jfaz
26
vulnerability VCID-gnpw-s9hp-wqfs
27
vulnerability VCID-h4k6-fruf-uqff
28
vulnerability VCID-hcuz-gz3w-97ew
29
vulnerability VCID-heyh-s54f-8qap
30
vulnerability VCID-hnme-cqff-c7dp
31
vulnerability VCID-m5rs-qptc-vued
32
vulnerability VCID-mkex-ht2r-cucz
33
vulnerability VCID-n4fk-735u-2baw
34
vulnerability VCID-nu3h-nb1g-67bs
35
vulnerability VCID-nute-ndg2-z7ev
36
vulnerability VCID-pkve-yjqy-syc2
37
vulnerability VCID-q939-fszs-wfdp
38
vulnerability VCID-qdwg-f2bx-1bay
39
vulnerability VCID-qmfy-dxag-uuex
40
vulnerability VCID-r1eg-dwej-5kau
41
vulnerability VCID-sfyd-qn7r-eqdg
42
vulnerability VCID-sg62-98yy-2kd7
43
vulnerability VCID-t81f-5b8z-hyht
44
vulnerability VCID-tv7h-289s-xub4
45
vulnerability VCID-umhc-fdfh-1fdx
46
vulnerability VCID-uy47-3s8a-hbdn
47
vulnerability VCID-wgdv-etcq-3qhw
48
vulnerability VCID-xg74-3h1h-kqaf
49
vulnerability VCID-xsgv-a7bd-fqh8
50
vulnerability VCID-y8et-m846-2fc6
51
vulnerability VCID-yfuu-th6b-nba4
52
vulnerability VCID-z28b-1yrx-1bbn
53
vulnerability VCID-zca8-91sf-qkb4
54
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14
1
url pkg:composer/silverstripe/framework@3.1.0-beta1
purl pkg:composer/silverstripe/framework@3.1.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4n9x-x4kd-jyfu
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-8m1h-utem-jud3
9
vulnerability VCID-96f5-5qyr-g7d5
10
vulnerability VCID-9hf4-djcv-67d7
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-at1s-qxsg-5yfs
14
vulnerability VCID-b6nm-cphj-wfgw
15
vulnerability VCID-b7xq-cz8w-ubgm
16
vulnerability VCID-b95v-49p7-fkas
17
vulnerability VCID-c437-w2zy-y7c9
18
vulnerability VCID-c6bz-jwhm-vkgp
19
vulnerability VCID-cmwn-cjff-9qau
20
vulnerability VCID-cqjc-tsv5-7beg
21
vulnerability VCID-ecy2-x3a9-qbbx
22
vulnerability VCID-evh4-xq48-4fa6
23
vulnerability VCID-ewg1-jqza-eyez
24
vulnerability VCID-ggbg-8mtc-hudc
25
vulnerability VCID-gkkp-9fm7-jfaz
26
vulnerability VCID-gnpw-s9hp-wqfs
27
vulnerability VCID-h4k6-fruf-uqff
28
vulnerability VCID-hcuz-gz3w-97ew
29
vulnerability VCID-heyh-s54f-8qap
30
vulnerability VCID-hnme-cqff-c7dp
31
vulnerability VCID-m5rs-qptc-vued
32
vulnerability VCID-mkex-ht2r-cucz
33
vulnerability VCID-n4fk-735u-2baw
34
vulnerability VCID-nu3h-nb1g-67bs
35
vulnerability VCID-nute-ndg2-z7ev
36
vulnerability VCID-pkve-yjqy-syc2
37
vulnerability VCID-q939-fszs-wfdp
38
vulnerability VCID-qdwg-f2bx-1bay
39
vulnerability VCID-qmfy-dxag-uuex
40
vulnerability VCID-r1eg-dwej-5kau
41
vulnerability VCID-sfyd-qn7r-eqdg
42
vulnerability VCID-sg62-98yy-2kd7
43
vulnerability VCID-t81f-5b8z-hyht
44
vulnerability VCID-tv7h-289s-xub4
45
vulnerability VCID-umhc-fdfh-1fdx
46
vulnerability VCID-uy47-3s8a-hbdn
47
vulnerability VCID-wgdv-etcq-3qhw
48
vulnerability VCID-xg74-3h1h-kqaf
49
vulnerability VCID-xsgv-a7bd-fqh8
50
vulnerability VCID-y8et-m846-2fc6
51
vulnerability VCID-yfuu-th6b-nba4
52
vulnerability VCID-z28b-1yrx-1bbn
53
vulnerability VCID-zca8-91sf-qkb4
54
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1
2
url pkg:composer/silverstripe/framework@3.1.13
purl pkg:composer/silverstripe/framework@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-4n9x-x4kd-jyfu
7
vulnerability VCID-554z-dzgc-2fgz
8
vulnerability VCID-7ek4-6y31-1qcs
9
vulnerability VCID-7hxq-cp29-r7dh
10
vulnerability VCID-8m1h-utem-jud3
11
vulnerability VCID-9hf4-djcv-67d7
12
vulnerability VCID-9y5u-qyzd-3ud9
13
vulnerability VCID-a7cf-kpzy-xudd
14
vulnerability VCID-at1s-qxsg-5yfs
15
vulnerability VCID-b6nm-cphj-wfgw
16
vulnerability VCID-b7xq-cz8w-ubgm
17
vulnerability VCID-b95v-49p7-fkas
18
vulnerability VCID-c437-w2zy-y7c9
19
vulnerability VCID-c6bz-jwhm-vkgp
20
vulnerability VCID-cmwn-cjff-9qau
21
vulnerability VCID-cqjc-tsv5-7beg
22
vulnerability VCID-ecy2-x3a9-qbbx
23
vulnerability VCID-evh4-xq48-4fa6
24
vulnerability VCID-ewg1-jqza-eyez
25
vulnerability VCID-ggbg-8mtc-hudc
26
vulnerability VCID-gkkp-9fm7-jfaz
27
vulnerability VCID-gnpw-s9hp-wqfs
28
vulnerability VCID-h4k6-fruf-uqff
29
vulnerability VCID-hcuz-gz3w-97ew
30
vulnerability VCID-heyh-s54f-8qap
31
vulnerability VCID-hnhv-qx7p-wqcw
32
vulnerability VCID-hnme-cqff-c7dp
33
vulnerability VCID-m5rs-qptc-vued
34
vulnerability VCID-mkex-ht2r-cucz
35
vulnerability VCID-n4fk-735u-2baw
36
vulnerability VCID-nu3h-nb1g-67bs
37
vulnerability VCID-nute-ndg2-z7ev
38
vulnerability VCID-pkve-yjqy-syc2
39
vulnerability VCID-q939-fszs-wfdp
40
vulnerability VCID-qdwg-f2bx-1bay
41
vulnerability VCID-qj5k-bcw3-5fgq
42
vulnerability VCID-qmfy-dxag-uuex
43
vulnerability VCID-r1eg-dwej-5kau
44
vulnerability VCID-rrmd-ud59-ffbp
45
vulnerability VCID-sfyd-qn7r-eqdg
46
vulnerability VCID-sg62-98yy-2kd7
47
vulnerability VCID-t81f-5b8z-hyht
48
vulnerability VCID-tv7h-289s-xub4
49
vulnerability VCID-twrb-6j51-aqcy
50
vulnerability VCID-umhc-fdfh-1fdx
51
vulnerability VCID-uy47-3s8a-hbdn
52
vulnerability VCID-vatm-1vbd-bfam
53
vulnerability VCID-wgdv-etcq-3qhw
54
vulnerability VCID-xg74-3h1h-kqaf
55
vulnerability VCID-xsgv-a7bd-fqh8
56
vulnerability VCID-y8et-m846-2fc6
57
vulnerability VCID-yfuu-th6b-nba4
58
vulnerability VCID-z28b-1yrx-1bbn
59
vulnerability VCID-zca8-91sf-qkb4
60
vulnerability VCID-zckr-zxq4-jyev
61
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13
3
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9y5u-qyzd-3ud9
1
vulnerability VCID-a7cf-kpzy-xudd
2
vulnerability VCID-gnpw-s9hp-wqfs
3
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-014-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uyxp-7fh1-77cg
55
url VCID-wgdv-etcq-3qhw
vulnerability_id VCID-wgdv-etcq-3qhw
summary 
Improper Input Validation
In SilverStripe, a FormField with square brackets in the field name skips validation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26138
reference_id
reference_type
scores
0
value 0.00292
scoring_system epss
scoring_elements 0.52854
published_at 2026-06-04T12:55:00Z
1
value 0.00292
scoring_system epss
scoring_elements 0.52915
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26138
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml
3
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
url https://www.silverstripe.org/blog/tag/release
4
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26138
reference_id CVE-2020-26138
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26138
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-26138
reference_id CVE-2020-26138
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2020-26138
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-26138/
reference_id CVE-2020-26138
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2020-26138/
8
reference_url https://github.com/advisories/GHSA-7mv4-4xpg-xq44
reference_id GHSA-7mv4-4xpg-xq44
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7mv4-4xpg-xq44
fixed_packages
0
url pkg:composer/silverstripe/framework@4.6.0
purl pkg:composer/silverstripe/framework@4.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-n4fk-735u-2baw
12
vulnerability VCID-uy47-3s8a-hbdn
13
vulnerability VCID-xm4q-u96p-57dd
14
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0
1
url pkg:composer/silverstripe/framework@4.7.4
purl pkg:composer/silverstripe/framework@4.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-n4fk-735u-2baw
12
vulnerability VCID-uy47-3s8a-hbdn
13
vulnerability VCID-xm4q-u96p-57dd
14
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4
aliases CVE-2020-26138, GHSA-7mv4-4xpg-xq44
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wgdv-etcq-3qhw
56
url VCID-wmfv-vtnz-bkad
vulnerability_id VCID-wmfv-vtnz-bkad
summary Potential SQL Injection Vulnerability in silverstripe.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-011/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-011/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.0.14
purl pkg:composer/silverstripe/framework@3.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4n9x-x4kd-jyfu
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-8m1h-utem-jud3
9
vulnerability VCID-96f5-5qyr-g7d5
10
vulnerability VCID-9hf4-djcv-67d7
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-at1s-qxsg-5yfs
14
vulnerability VCID-b6nm-cphj-wfgw
15
vulnerability VCID-b7xq-cz8w-ubgm
16
vulnerability VCID-b95v-49p7-fkas
17
vulnerability VCID-c437-w2zy-y7c9
18
vulnerability VCID-c6bz-jwhm-vkgp
19
vulnerability VCID-cmwn-cjff-9qau
20
vulnerability VCID-cqjc-tsv5-7beg
21
vulnerability VCID-ecy2-x3a9-qbbx
22
vulnerability VCID-evh4-xq48-4fa6
23
vulnerability VCID-ewg1-jqza-eyez
24
vulnerability VCID-ggbg-8mtc-hudc
25
vulnerability VCID-gkkp-9fm7-jfaz
26
vulnerability VCID-gnpw-s9hp-wqfs
27
vulnerability VCID-h4k6-fruf-uqff
28
vulnerability VCID-hcuz-gz3w-97ew
29
vulnerability VCID-heyh-s54f-8qap
30
vulnerability VCID-hnme-cqff-c7dp
31
vulnerability VCID-m5rs-qptc-vued
32
vulnerability VCID-mkex-ht2r-cucz
33
vulnerability VCID-n4fk-735u-2baw
34
vulnerability VCID-nu3h-nb1g-67bs
35
vulnerability VCID-nute-ndg2-z7ev
36
vulnerability VCID-pkve-yjqy-syc2
37
vulnerability VCID-q939-fszs-wfdp
38
vulnerability VCID-qdwg-f2bx-1bay
39
vulnerability VCID-qmfy-dxag-uuex
40
vulnerability VCID-r1eg-dwej-5kau
41
vulnerability VCID-sfyd-qn7r-eqdg
42
vulnerability VCID-sg62-98yy-2kd7
43
vulnerability VCID-t81f-5b8z-hyht
44
vulnerability VCID-tv7h-289s-xub4
45
vulnerability VCID-umhc-fdfh-1fdx
46
vulnerability VCID-uy47-3s8a-hbdn
47
vulnerability VCID-wgdv-etcq-3qhw
48
vulnerability VCID-xg74-3h1h-kqaf
49
vulnerability VCID-xsgv-a7bd-fqh8
50
vulnerability VCID-y8et-m846-2fc6
51
vulnerability VCID-yfuu-th6b-nba4
52
vulnerability VCID-z28b-1yrx-1bbn
53
vulnerability VCID-zca8-91sf-qkb4
54
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14
1
url pkg:composer/silverstripe/framework@3.1.0-beta1
purl pkg:composer/silverstripe/framework@3.1.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4n9x-x4kd-jyfu
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-8m1h-utem-jud3
9
vulnerability VCID-96f5-5qyr-g7d5
10
vulnerability VCID-9hf4-djcv-67d7
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-at1s-qxsg-5yfs
14
vulnerability VCID-b6nm-cphj-wfgw
15
vulnerability VCID-b7xq-cz8w-ubgm
16
vulnerability VCID-b95v-49p7-fkas
17
vulnerability VCID-c437-w2zy-y7c9
18
vulnerability VCID-c6bz-jwhm-vkgp
19
vulnerability VCID-cmwn-cjff-9qau
20
vulnerability VCID-cqjc-tsv5-7beg
21
vulnerability VCID-ecy2-x3a9-qbbx
22
vulnerability VCID-evh4-xq48-4fa6
23
vulnerability VCID-ewg1-jqza-eyez
24
vulnerability VCID-ggbg-8mtc-hudc
25
vulnerability VCID-gkkp-9fm7-jfaz
26
vulnerability VCID-gnpw-s9hp-wqfs
27
vulnerability VCID-h4k6-fruf-uqff
28
vulnerability VCID-hcuz-gz3w-97ew
29
vulnerability VCID-heyh-s54f-8qap
30
vulnerability VCID-hnme-cqff-c7dp
31
vulnerability VCID-m5rs-qptc-vued
32
vulnerability VCID-mkex-ht2r-cucz
33
vulnerability VCID-n4fk-735u-2baw
34
vulnerability VCID-nu3h-nb1g-67bs
35
vulnerability VCID-nute-ndg2-z7ev
36
vulnerability VCID-pkve-yjqy-syc2
37
vulnerability VCID-q939-fszs-wfdp
38
vulnerability VCID-qdwg-f2bx-1bay
39
vulnerability VCID-qmfy-dxag-uuex
40
vulnerability VCID-r1eg-dwej-5kau
41
vulnerability VCID-sfyd-qn7r-eqdg
42
vulnerability VCID-sg62-98yy-2kd7
43
vulnerability VCID-t81f-5b8z-hyht
44
vulnerability VCID-tv7h-289s-xub4
45
vulnerability VCID-umhc-fdfh-1fdx
46
vulnerability VCID-uy47-3s8a-hbdn
47
vulnerability VCID-wgdv-etcq-3qhw
48
vulnerability VCID-xg74-3h1h-kqaf
49
vulnerability VCID-xsgv-a7bd-fqh8
50
vulnerability VCID-y8et-m846-2fc6
51
vulnerability VCID-yfuu-th6b-nba4
52
vulnerability VCID-z28b-1yrx-1bbn
53
vulnerability VCID-zca8-91sf-qkb4
54
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1
2
url pkg:composer/silverstripe/framework@3.1.13
purl pkg:composer/silverstripe/framework@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-4n9x-x4kd-jyfu
7
vulnerability VCID-554z-dzgc-2fgz
8
vulnerability VCID-7ek4-6y31-1qcs
9
vulnerability VCID-7hxq-cp29-r7dh
10
vulnerability VCID-8m1h-utem-jud3
11
vulnerability VCID-9hf4-djcv-67d7
12
vulnerability VCID-9y5u-qyzd-3ud9
13
vulnerability VCID-a7cf-kpzy-xudd
14
vulnerability VCID-at1s-qxsg-5yfs
15
vulnerability VCID-b6nm-cphj-wfgw
16
vulnerability VCID-b7xq-cz8w-ubgm
17
vulnerability VCID-b95v-49p7-fkas
18
vulnerability VCID-c437-w2zy-y7c9
19
vulnerability VCID-c6bz-jwhm-vkgp
20
vulnerability VCID-cmwn-cjff-9qau
21
vulnerability VCID-cqjc-tsv5-7beg
22
vulnerability VCID-ecy2-x3a9-qbbx
23
vulnerability VCID-evh4-xq48-4fa6
24
vulnerability VCID-ewg1-jqza-eyez
25
vulnerability VCID-ggbg-8mtc-hudc
26
vulnerability VCID-gkkp-9fm7-jfaz
27
vulnerability VCID-gnpw-s9hp-wqfs
28
vulnerability VCID-h4k6-fruf-uqff
29
vulnerability VCID-hcuz-gz3w-97ew
30
vulnerability VCID-heyh-s54f-8qap
31
vulnerability VCID-hnhv-qx7p-wqcw
32
vulnerability VCID-hnme-cqff-c7dp
33
vulnerability VCID-m5rs-qptc-vued
34
vulnerability VCID-mkex-ht2r-cucz
35
vulnerability VCID-n4fk-735u-2baw
36
vulnerability VCID-nu3h-nb1g-67bs
37
vulnerability VCID-nute-ndg2-z7ev
38
vulnerability VCID-pkve-yjqy-syc2
39
vulnerability VCID-q939-fszs-wfdp
40
vulnerability VCID-qdwg-f2bx-1bay
41
vulnerability VCID-qj5k-bcw3-5fgq
42
vulnerability VCID-qmfy-dxag-uuex
43
vulnerability VCID-r1eg-dwej-5kau
44
vulnerability VCID-rrmd-ud59-ffbp
45
vulnerability VCID-sfyd-qn7r-eqdg
46
vulnerability VCID-sg62-98yy-2kd7
47
vulnerability VCID-t81f-5b8z-hyht
48
vulnerability VCID-tv7h-289s-xub4
49
vulnerability VCID-twrb-6j51-aqcy
50
vulnerability VCID-umhc-fdfh-1fdx
51
vulnerability VCID-uy47-3s8a-hbdn
52
vulnerability VCID-vatm-1vbd-bfam
53
vulnerability VCID-wgdv-etcq-3qhw
54
vulnerability VCID-xg74-3h1h-kqaf
55
vulnerability VCID-xsgv-a7bd-fqh8
56
vulnerability VCID-y8et-m846-2fc6
57
vulnerability VCID-yfuu-th6b-nba4
58
vulnerability VCID-z28b-1yrx-1bbn
59
vulnerability VCID-zca8-91sf-qkb4
60
vulnerability VCID-zckr-zxq4-jyev
61
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13
3
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9y5u-qyzd-3ud9
1
vulnerability VCID-a7cf-kpzy-xudd
2
vulnerability VCID-gnpw-s9hp-wqfs
3
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-011-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wmfv-vtnz-bkad
57
url VCID-xg74-3h1h-kqaf
vulnerability_id VCID-xg74-3h1h-kqaf
summary 
Uncontrolled Resource Consumption
SilverStripe allows a Denial of Service on flush and development URL tools.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12246
reference_id
reference_type
scores
0
value 0.00156
scoring_system epss
scoring_elements 0.36088
published_at 2026-06-05T12:55:00Z
1
value 0.00156
scoring_system epss
scoring_elements 0.35994
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12246
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml
3
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab
5
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12246
reference_id CVE-2019-12246
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12246
8
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12246
reference_id CVE-2019-12246
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12246
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-n4fk-735u-2baw
12
vulnerability VCID-nzcm-xbxx-wyf9
13
vulnerability VCID-pkve-yjqy-syc2
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-ru3j-21j8-ayhm
16
vulnerability VCID-tv7h-289s-xub4
17
vulnerability VCID-uy47-3s8a-hbdn
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xm4q-u96p-57dd
20
vulnerability VCID-ytbc-8mhd-b3fc
21
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.4.0
purl pkg:composer/silverstripe/framework@4.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-5dt7-nc8t-nqgh
3
vulnerability VCID-7gak-15m5-j3f5
4
vulnerability VCID-7w7t-3783-1kbs
5
vulnerability VCID-9t4k-8hsz-bfdw
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-ca4q-xd4v-vqfe
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-fmfu-81xu-pfdy
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-n4fk-735u-2baw
16
vulnerability VCID-nzcm-xbxx-wyf9
17
vulnerability VCID-pkve-yjqy-syc2
18
vulnerability VCID-qmfy-dxag-uuex
19
vulnerability VCID-ru3j-21j8-ayhm
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-uy47-3s8a-hbdn
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xm4q-u96p-57dd
24
vulnerability VCID-y8et-m846-2fc6
25
vulnerability VCID-ytbc-8mhd-b3fc
26
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0
aliases CVE-2019-12246, GHSA-5fr8-xhqq-4p3q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xg74-3h1h-kqaf
58
url VCID-xsgv-a7bd-fqh8
vulnerability_id VCID-xsgv-a7bd-fqh8
summary 
Silverstripe HtmlEditor embed url sanitisation
"Add from URL" doesn't clearly sanitise URL server side

HtmlEditorField_Toolbar has an action HtmlEditorField_Toolbar#viewfile, which gets called by the CMS when adding a media "from a URL" (i.e. via oembed).

This action gets the URL to add in the GET parameter FileURL. However it doesn't do any URL sanitising server side. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it's possible future changes would break this.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-027-1.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-027-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://www.silverstripe.org/download/security-releases/ss-2015-027
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2015-027
3
reference_url https://github.com/advisories/GHSA-qp29-wcc2-vmpc
reference_id GHSA-qp29-wcc2-vmpc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qp29-wcc2-vmpc
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.1
purl pkg:composer/silverstripe/framework@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9hf4-djcv-67d7
8
vulnerability VCID-9y5u-qyzd-3ud9
9
vulnerability VCID-a7cf-kpzy-xudd
10
vulnerability VCID-at1s-qxsg-5yfs
11
vulnerability VCID-b6nm-cphj-wfgw
12
vulnerability VCID-b95v-49p7-fkas
13
vulnerability VCID-c437-w2zy-y7c9
14
vulnerability VCID-c6bz-jwhm-vkgp
15
vulnerability VCID-cmwn-cjff-9qau
16
vulnerability VCID-cqjc-tsv5-7beg
17
vulnerability VCID-ecy2-x3a9-qbbx
18
vulnerability VCID-evh4-xq48-4fa6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-ggbg-8mtc-hudc
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-heyh-s54f-8qap
25
vulnerability VCID-hnhv-qx7p-wqcw
26
vulnerability VCID-hnme-cqff-c7dp
27
vulnerability VCID-m5rs-qptc-vued
28
vulnerability VCID-mkex-ht2r-cucz
29
vulnerability VCID-n4fk-735u-2baw
30
vulnerability VCID-nute-ndg2-z7ev
31
vulnerability VCID-pkve-yjqy-syc2
32
vulnerability VCID-q939-fszs-wfdp
33
vulnerability VCID-qdwg-f2bx-1bay
34
vulnerability VCID-qj5k-bcw3-5fgq
35
vulnerability VCID-qmfy-dxag-uuex
36
vulnerability VCID-r1eg-dwej-5kau
37
vulnerability VCID-rrmd-ud59-ffbp
38
vulnerability VCID-sg62-98yy-2kd7
39
vulnerability VCID-t81f-5b8z-hyht
40
vulnerability VCID-tv7h-289s-xub4
41
vulnerability VCID-umhc-fdfh-1fdx
42
vulnerability VCID-uy47-3s8a-hbdn
43
vulnerability VCID-vatm-1vbd-bfam
44
vulnerability VCID-wgdv-etcq-3qhw
45
vulnerability VCID-xg74-3h1h-kqaf
46
vulnerability VCID-y8et-m846-2fc6
47
vulnerability VCID-z28b-1yrx-1bbn
48
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1
aliases GHSA-qp29-wcc2-vmpc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xsgv-a7bd-fqh8
59
url VCID-y8et-m846-2fc6
vulnerability_id VCID-y8et-m846-2fc6
summary 
Information Exposure
SilverStripe has incorrect access control for protected files uploaded via `Upload::loadIntoFile()`. An attacker may be able to guess a filename in `silverstripe/assets` via the `AssetControlExtension`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12245
reference_id
reference_type
scores
0
value 0.00255
scoring_system epss
scoring_elements 0.49005
published_at 2026-06-04T12:55:00Z
1
value 0.00255
scoring_system epss
scoring_elements 0.49066
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12245
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
3
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
4
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12245
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12245
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12245
reference_id CVE-2019-12245
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12245
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12245/
reference_id CVE-2019-12245
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-12245/
7
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12245
reference_id CVE-2019-12245
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12245
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml
reference_id CVE-2019-12245.YAML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml
9
reference_url https://github.com/advisories/GHSA-jvx5-rm6q-gx7p
reference_id GHSA-jvx5-rm6q-gx7p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jvx5-rm6q-gx7p
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.8
purl pkg:composer/silverstripe/framework@3.6.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-9y5u-qyzd-3ud9
3
vulnerability VCID-a7cf-kpzy-xudd
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-gnpw-s9hp-wqfs
7
vulnerability VCID-hcuz-gz3w-97ew
8
vulnerability VCID-mkex-ht2r-cucz
9
vulnerability VCID-n4fk-735u-2baw
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-pkve-yjqy-syc2
12
vulnerability VCID-qmfy-dxag-uuex
13
vulnerability VCID-r1eg-dwej-5kau
14
vulnerability VCID-tv7h-289s-xub4
15
vulnerability VCID-u9e7-1zhg-mygt
16
vulnerability VCID-umhc-fdfh-1fdx
17
vulnerability VCID-uy47-3s8a-hbdn
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xg74-3h1h-kqaf
20
vulnerability VCID-y8et-m846-2fc6
21
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8
1
url pkg:composer/silverstripe/framework@3.7.4
purl pkg:composer/silverstripe/framework@3.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-9y5u-qyzd-3ud9
3
vulnerability VCID-a7cf-kpzy-xudd
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-gnpw-s9hp-wqfs
7
vulnerability VCID-hcuz-gz3w-97ew
8
vulnerability VCID-mkex-ht2r-cucz
9
vulnerability VCID-n4fk-735u-2baw
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-pkve-yjqy-syc2
12
vulnerability VCID-qmfy-dxag-uuex
13
vulnerability VCID-r1eg-dwej-5kau
14
vulnerability VCID-tv7h-289s-xub4
15
vulnerability VCID-umhc-fdfh-1fdx
16
vulnerability VCID-uy47-3s8a-hbdn
17
vulnerability VCID-wgdv-etcq-3qhw
18
vulnerability VCID-xg74-3h1h-kqaf
19
vulnerability VCID-y8et-m846-2fc6
20
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4
2
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-7gak-15m5-j3f5
3
vulnerability VCID-7w7t-3783-1kbs
4
vulnerability VCID-9t4k-8hsz-bfdw
5
vulnerability VCID-9y5u-qyzd-3ud9
6
vulnerability VCID-a7cf-kpzy-xudd
7
vulnerability VCID-ca4q-xd4v-vqfe
8
vulnerability VCID-fmfu-81xu-pfdy
9
vulnerability VCID-gnpw-s9hp-wqfs
10
vulnerability VCID-hcuz-gz3w-97ew
11
vulnerability VCID-n4fk-735u-2baw
12
vulnerability VCID-nzcm-xbxx-wyf9
13
vulnerability VCID-pkve-yjqy-syc2
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-ru3j-21j8-ayhm
16
vulnerability VCID-tv7h-289s-xub4
17
vulnerability VCID-uy47-3s8a-hbdn
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xm4q-u96p-57dd
20
vulnerability VCID-ytbc-8mhd-b3fc
21
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
3
url pkg:composer/silverstripe/framework@4.3.6
purl pkg:composer/silverstripe/framework@4.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6
4
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-5dt7-nc8t-nqgh
3
vulnerability VCID-7gak-15m5-j3f5
4
vulnerability VCID-7w7t-3783-1kbs
5
vulnerability VCID-9t4k-8hsz-bfdw
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-ca4q-xd4v-vqfe
9
vulnerability VCID-fmfu-81xu-pfdy
10
vulnerability VCID-gnpw-s9hp-wqfs
11
vulnerability VCID-hcuz-gz3w-97ew
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-pkve-yjqy-syc2
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-ru3j-21j8-ayhm
16
vulnerability VCID-tv7h-289s-xub4
17
vulnerability VCID-uy47-3s8a-hbdn
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xm4q-u96p-57dd
20
vulnerability VCID-ytbc-8mhd-b3fc
21
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12245, GHSA-jvx5-rm6q-gx7p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8et-m846-2fc6
60
url VCID-yfuu-th6b-nba4
vulnerability_id VCID-yfuu-th6b-nba4
summary 
Cross-site Scripting
Form field validation message XSS vulnerability.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2015-026/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2015-026/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.1
purl pkg:composer/silverstripe/framework@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9hf4-djcv-67d7
8
vulnerability VCID-9y5u-qyzd-3ud9
9
vulnerability VCID-a7cf-kpzy-xudd
10
vulnerability VCID-at1s-qxsg-5yfs
11
vulnerability VCID-b6nm-cphj-wfgw
12
vulnerability VCID-b95v-49p7-fkas
13
vulnerability VCID-c437-w2zy-y7c9
14
vulnerability VCID-c6bz-jwhm-vkgp
15
vulnerability VCID-cmwn-cjff-9qau
16
vulnerability VCID-cqjc-tsv5-7beg
17
vulnerability VCID-ecy2-x3a9-qbbx
18
vulnerability VCID-evh4-xq48-4fa6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-ggbg-8mtc-hudc
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-heyh-s54f-8qap
25
vulnerability VCID-hnhv-qx7p-wqcw
26
vulnerability VCID-hnme-cqff-c7dp
27
vulnerability VCID-m5rs-qptc-vued
28
vulnerability VCID-mkex-ht2r-cucz
29
vulnerability VCID-n4fk-735u-2baw
30
vulnerability VCID-nute-ndg2-z7ev
31
vulnerability VCID-pkve-yjqy-syc2
32
vulnerability VCID-q939-fszs-wfdp
33
vulnerability VCID-qdwg-f2bx-1bay
34
vulnerability VCID-qj5k-bcw3-5fgq
35
vulnerability VCID-qmfy-dxag-uuex
36
vulnerability VCID-r1eg-dwej-5kau
37
vulnerability VCID-rrmd-ud59-ffbp
38
vulnerability VCID-sg62-98yy-2kd7
39
vulnerability VCID-t81f-5b8z-hyht
40
vulnerability VCID-tv7h-289s-xub4
41
vulnerability VCID-umhc-fdfh-1fdx
42
vulnerability VCID-uy47-3s8a-hbdn
43
vulnerability VCID-vatm-1vbd-bfam
44
vulnerability VCID-wgdv-etcq-3qhw
45
vulnerability VCID-xg74-3h1h-kqaf
46
vulnerability VCID-y8et-m846-2fc6
47
vulnerability VCID-z28b-1yrx-1bbn
48
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1
1
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9y5u-qyzd-3ud9
1
vulnerability VCID-a7cf-kpzy-xudd
2
vulnerability VCID-gnpw-s9hp-wqfs
3
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-026-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yfuu-th6b-nba4
61
url VCID-z28b-1yrx-1bbn
vulnerability_id VCID-z28b-1yrx-1bbn
summary 
Password encryption salt expiry
When a user changes their password, the internal salt used for hashing their password is not updated.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-008/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-008/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-9hf4-djcv-67d7
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-hnme-cqff-c7dp
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-pkve-yjqy-syc2
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-qj5k-bcw3-5fgq
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-xsgv-a7bd-fqh8
31
vulnerability VCID-y8et-m846-2fc6
32
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-9hf4-djcv-67d7
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-hnme-cqff-c7dp
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-pkve-yjqy-syc2
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-qj5k-bcw3-5fgq
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-9hf4-djcv-67d7
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-a7cf-kpzy-xudd
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-hcuz-gz3w-97ew
14
vulnerability VCID-hnme-cqff-c7dp
15
vulnerability VCID-mkex-ht2r-cucz
16
vulnerability VCID-n4fk-735u-2baw
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-pkve-yjqy-syc2
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-qj5k-bcw3-5fgq
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-uy47-3s8a-hbdn
28
vulnerability VCID-wgdv-etcq-3qhw
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3j6f-5c14-uubc
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4qjj-wqg5-dbay
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9hf4-djcv-67d7
8
vulnerability VCID-9y5u-qyzd-3ud9
9
vulnerability VCID-a7cf-kpzy-xudd
10
vulnerability VCID-b6nm-cphj-wfgw
11
vulnerability VCID-b95v-49p7-fkas
12
vulnerability VCID-bwrh-updj-zkfs
13
vulnerability VCID-c6bz-jwhm-vkgp
14
vulnerability VCID-cmwn-cjff-9qau
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-njph-ua7r-auaq
21
vulnerability VCID-nute-ndg2-z7ev
22
vulnerability VCID-pkve-yjqy-syc2
23
vulnerability VCID-qdwg-f2bx-1bay
24
vulnerability VCID-qj5k-bcw3-5fgq
25
vulnerability VCID-qmfy-dxag-uuex
26
vulnerability VCID-r1eg-dwej-5kau
27
vulnerability VCID-sg62-98yy-2kd7
28
vulnerability VCID-t81f-5b8z-hyht
29
vulnerability VCID-tv7h-289s-xub4
30
vulnerability VCID-umhc-fdfh-1fdx
31
vulnerability VCID-uy47-3s8a-hbdn
32
vulnerability VCID-wgdv-etcq-3qhw
33
vulnerability VCID-xg74-3h1h-kqaf
34
vulnerability VCID-y8et-m846-2fc6
35
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-9y5u-qyzd-3ud9
3
vulnerability VCID-a7cf-kpzy-xudd
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-gnpw-s9hp-wqfs
7
vulnerability VCID-hcuz-gz3w-97ew
8
vulnerability VCID-mkex-ht2r-cucz
9
vulnerability VCID-n4fk-735u-2baw
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qmfy-dxag-uuex
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-tv7h-289s-xub4
14
vulnerability VCID-uy47-3s8a-hbdn
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xg74-3h1h-kqaf
17
vulnerability VCID-y8et-m846-2fc6
18
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-008
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z28b-1yrx-1bbn
62
url VCID-zca8-91sf-qkb4
vulnerability_id VCID-zca8-91sf-qkb4
summary 
Silverstripe Form field validation message XSS vulnerability
A high level XSS risk has been identified in the encoding of validation messages in certain FormField classes.

Certain fields such as the NumericField and DropdownField have been identified, but any form field which presents any invalid content as a part of its validation response will be at risk.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-026-1.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-026-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/245e0aae2f5f3eb0acba1d198ad8e196bb224462
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/245e0aae2f5f3eb0acba1d198ad8e196bb224462
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/bc1b2893accba6401c03f9ea3b0cbc4621c7a02c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/bc1b2893accba6401c03f9ea3b0cbc4621c7a02c
4
reference_url https://www.silverstripe.org/download/security-releases/ss-2015-026
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2015-026
5
reference_url https://github.com/advisories/GHSA-j982-5jv7-v43r
reference_id GHSA-j982-5jv7-v43r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j982-5jv7-v43r
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.16
purl pkg:composer/silverstripe/framework@3.1.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-9hf4-djcv-67d7
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-at1s-qxsg-5yfs
12
vulnerability VCID-b6nm-cphj-wfgw
13
vulnerability VCID-b95v-49p7-fkas
14
vulnerability VCID-c437-w2zy-y7c9
15
vulnerability VCID-c6bz-jwhm-vkgp
16
vulnerability VCID-cmwn-cjff-9qau
17
vulnerability VCID-cqjc-tsv5-7beg
18
vulnerability VCID-ecy2-x3a9-qbbx
19
vulnerability VCID-evh4-xq48-4fa6
20
vulnerability VCID-ewg1-jqza-eyez
21
vulnerability VCID-ggbg-8mtc-hudc
22
vulnerability VCID-gkkp-9fm7-jfaz
23
vulnerability VCID-gnpw-s9hp-wqfs
24
vulnerability VCID-hcuz-gz3w-97ew
25
vulnerability VCID-heyh-s54f-8qap
26
vulnerability VCID-hnhv-qx7p-wqcw
27
vulnerability VCID-hnme-cqff-c7dp
28
vulnerability VCID-m5rs-qptc-vued
29
vulnerability VCID-mkex-ht2r-cucz
30
vulnerability VCID-n4fk-735u-2baw
31
vulnerability VCID-nute-ndg2-z7ev
32
vulnerability VCID-pkve-yjqy-syc2
33
vulnerability VCID-q939-fszs-wfdp
34
vulnerability VCID-qdwg-f2bx-1bay
35
vulnerability VCID-qj5k-bcw3-5fgq
36
vulnerability VCID-qmfy-dxag-uuex
37
vulnerability VCID-r1eg-dwej-5kau
38
vulnerability VCID-rrmd-ud59-ffbp
39
vulnerability VCID-sg62-98yy-2kd7
40
vulnerability VCID-t81f-5b8z-hyht
41
vulnerability VCID-tv7h-289s-xub4
42
vulnerability VCID-umhc-fdfh-1fdx
43
vulnerability VCID-uy47-3s8a-hbdn
44
vulnerability VCID-vatm-1vbd-bfam
45
vulnerability VCID-wgdv-etcq-3qhw
46
vulnerability VCID-xg74-3h1h-kqaf
47
vulnerability VCID-xsgv-a7bd-fqh8
48
vulnerability VCID-y8et-m846-2fc6
49
vulnerability VCID-z28b-1yrx-1bbn
50
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.16
1
url pkg:composer/silverstripe/framework@3.2.1
purl pkg:composer/silverstripe/framework@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-9hf4-djcv-67d7
8
vulnerability VCID-9y5u-qyzd-3ud9
9
vulnerability VCID-a7cf-kpzy-xudd
10
vulnerability VCID-at1s-qxsg-5yfs
11
vulnerability VCID-b6nm-cphj-wfgw
12
vulnerability VCID-b95v-49p7-fkas
13
vulnerability VCID-c437-w2zy-y7c9
14
vulnerability VCID-c6bz-jwhm-vkgp
15
vulnerability VCID-cmwn-cjff-9qau
16
vulnerability VCID-cqjc-tsv5-7beg
17
vulnerability VCID-ecy2-x3a9-qbbx
18
vulnerability VCID-evh4-xq48-4fa6
19
vulnerability VCID-ewg1-jqza-eyez
20
vulnerability VCID-ggbg-8mtc-hudc
21
vulnerability VCID-gkkp-9fm7-jfaz
22
vulnerability VCID-gnpw-s9hp-wqfs
23
vulnerability VCID-hcuz-gz3w-97ew
24
vulnerability VCID-heyh-s54f-8qap
25
vulnerability VCID-hnhv-qx7p-wqcw
26
vulnerability VCID-hnme-cqff-c7dp
27
vulnerability VCID-m5rs-qptc-vued
28
vulnerability VCID-mkex-ht2r-cucz
29
vulnerability VCID-n4fk-735u-2baw
30
vulnerability VCID-nute-ndg2-z7ev
31
vulnerability VCID-pkve-yjqy-syc2
32
vulnerability VCID-q939-fszs-wfdp
33
vulnerability VCID-qdwg-f2bx-1bay
34
vulnerability VCID-qj5k-bcw3-5fgq
35
vulnerability VCID-qmfy-dxag-uuex
36
vulnerability VCID-r1eg-dwej-5kau
37
vulnerability VCID-rrmd-ud59-ffbp
38
vulnerability VCID-sg62-98yy-2kd7
39
vulnerability VCID-t81f-5b8z-hyht
40
vulnerability VCID-tv7h-289s-xub4
41
vulnerability VCID-umhc-fdfh-1fdx
42
vulnerability VCID-uy47-3s8a-hbdn
43
vulnerability VCID-vatm-1vbd-bfam
44
vulnerability VCID-wgdv-etcq-3qhw
45
vulnerability VCID-xg74-3h1h-kqaf
46
vulnerability VCID-y8et-m846-2fc6
47
vulnerability VCID-z28b-1yrx-1bbn
48
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1
aliases GHSA-j982-5jv7-v43r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zca8-91sf-qkb4
63
url VCID-zdge-zsmz-8ud9
vulnerability_id VCID-zdge-zsmz-8ud9
summary 
Missing Authorization
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22728
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.1724
published_at 2026-06-04T12:55:00Z
1
value 0.00054
scoring_system epss
scoring_elements 0.17318
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22728
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/
url https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58
4
reference_url https://www.silverstripe.org/download/security-releases/cve-2023-22728
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2023-22728
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22728
reference_id CVE-2023-22728
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22728
6
reference_url https://github.com/advisories/GHSA-jh3w-6jp2-vqqm
reference_id GHSA-jh3w-6jp2-vqqm
reference_type
scores
url https://github.com/advisories/GHSA-jh3w-6jp2-vqqm
7
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm
reference_id GHSA-jh3w-6jp2-vqqm
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm
fixed_packages
0
url pkg:composer/silverstripe/framework@4.12.5
purl pkg:composer/silverstripe/framework@4.12.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9y5u-qyzd-3ud9
1
vulnerability VCID-gnpw-s9hp-wqfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5
aliases CVE-2023-22728, GHSA-jh3w-6jp2-vqqm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zdge-zsmz-8ud9
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.8