Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/silverstripe/framework@3.1.0-beta3
Typecomposer
Namespacesilverstripe
Nameframework
Version3.1.0-beta3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.10.9
Latest_non_vulnerable_version5.3.23
Affected_by_vulnerabilities
0
url VCID-1mmc-91gk-r3d3
vulnerability_id VCID-1mmc-91gk-r3d3
summary SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-5715
reference_id
reference_type
scores
0
value 0.00322
scoring_system epss
scoring_elements 0.55605
published_at 2026-06-05T12:55:00Z
1
value 0.00322
scoring_system epss
scoring_elements 0.55549
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-5715
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/issues/8814
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/issues/8814
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-5715
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-5715
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/ss-2018-021
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2018-021
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.7
purl pkg:composer/silverstripe/framework@3.6.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-mkex-ht2r-cucz
6
vulnerability VCID-n4fk-735u-2baw
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-pkve-yjqy-syc2
9
vulnerability VCID-qmfy-dxag-uuex
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-tv7h-289s-xub4
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-wgdv-etcq-3qhw
14
vulnerability VCID-xg74-3h1h-kqaf
15
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7
1
url pkg:composer/silverstripe/framework@3.7.3
purl pkg:composer/silverstripe/framework@3.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-mkex-ht2r-cucz
6
vulnerability VCID-n4fk-735u-2baw
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-pkve-yjqy-syc2
9
vulnerability VCID-qmfy-dxag-uuex
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-tv7h-289s-xub4
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-wgdv-etcq-3qhw
14
vulnerability VCID-xg74-3h1h-kqaf
15
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3
2
url pkg:composer/silverstripe/framework@4.0.7
purl pkg:composer/silverstripe/framework@4.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-fmfu-81xu-pfdy
5
vulnerability VCID-hcuz-gz3w-97ew
6
vulnerability VCID-n4fk-735u-2baw
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-nzcm-xbxx-wyf9
9
vulnerability VCID-pkve-yjqy-syc2
10
vulnerability VCID-qmfy-dxag-uuex
11
vulnerability VCID-r1eg-dwej-5kau
12
vulnerability VCID-ru3j-21j8-ayhm
13
vulnerability VCID-tv7h-289s-xub4
14
vulnerability VCID-wgdv-etcq-3qhw
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
17
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7
3
url pkg:composer/silverstripe/framework@4.1.5
purl pkg:composer/silverstripe/framework@4.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-fmfu-81xu-pfdy
5
vulnerability VCID-hcuz-gz3w-97ew
6
vulnerability VCID-n4fk-735u-2baw
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-nzcm-xbxx-wyf9
9
vulnerability VCID-pkve-yjqy-syc2
10
vulnerability VCID-qmfy-dxag-uuex
11
vulnerability VCID-r1eg-dwej-5kau
12
vulnerability VCID-ru3j-21j8-ayhm
13
vulnerability VCID-tv7h-289s-xub4
14
vulnerability VCID-wgdv-etcq-3qhw
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
17
vulnerability VCID-ytbc-8mhd-b3fc
18
vulnerability VCID-z94y-nz4f-y7er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5
4
url pkg:composer/silverstripe/framework@4.2.4
purl pkg:composer/silverstripe/framework@4.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-fmfu-81xu-pfdy
5
vulnerability VCID-hcuz-gz3w-97ew
6
vulnerability VCID-n4fk-735u-2baw
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-nzcm-xbxx-wyf9
9
vulnerability VCID-pkve-yjqy-syc2
10
vulnerability VCID-qmfy-dxag-uuex
11
vulnerability VCID-r1eg-dwej-5kau
12
vulnerability VCID-ru3j-21j8-ayhm
13
vulnerability VCID-tv7h-289s-xub4
14
vulnerability VCID-wgdv-etcq-3qhw
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
17
vulnerability VCID-ytbc-8mhd-b3fc
18
vulnerability VCID-z94y-nz4f-y7er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4
5
url pkg:composer/silverstripe/framework@4.3.1
purl pkg:composer/silverstripe/framework@4.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-fmfu-81xu-pfdy
5
vulnerability VCID-hcuz-gz3w-97ew
6
vulnerability VCID-n4fk-735u-2baw
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-nzcm-xbxx-wyf9
9
vulnerability VCID-pkve-yjqy-syc2
10
vulnerability VCID-qmfy-dxag-uuex
11
vulnerability VCID-r1eg-dwej-5kau
12
vulnerability VCID-ru3j-21j8-ayhm
13
vulnerability VCID-tv7h-289s-xub4
14
vulnerability VCID-wgdv-etcq-3qhw
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
17
vulnerability VCID-ytbc-8mhd-b3fc
18
vulnerability VCID-z94y-nz4f-y7er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1
aliases CVE-2019-5715, GHSA-wvfw-w3x6-g526
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1mmc-91gk-r3d3
1
url VCID-1p79-328x-sueq
vulnerability_id VCID-1p79-328x-sueq
summary 
Quadratic blowup in Convert::xml2array()
Silverstripe silverstripe/framework 4.x until 4.10.9 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41559
reference_id
reference_type
scores
0
value 0.00348
scoring_system epss
scoring_elements 0.57671
published_at 2026-06-05T12:55:00Z
1
value 0.00348
scoring_system epss
scoring_elements 0.57619
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41559
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework/releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/releases
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41559
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41559
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2021-41559
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2021-41559
7
reference_url https://github.com/advisories/GHSA-9fmg-89fx-r33w
reference_id GHSA-9fmg-89fx-r33w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9fmg-89fx-r33w
fixed_packages
0
url pkg:composer/silverstripe/framework@4.10.9
purl pkg:composer/silverstripe/framework@4.10.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.9
1
url pkg:composer/silverstripe/framework@4.11.0-beta1
purl pkg:composer/silverstripe/framework@4.11.0-beta1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.0-beta1
aliases CVE-2021-41559, GHSA-9fmg-89fx-r33w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1p79-328x-sueq
2
url VCID-1uhv-fetz-j7fd
vulnerability_id VCID-1uhv-fetz-j7fd
summary 
XSS in CMSController BackURL
A XSS risk exists in the returnURL parameter passed to CMSSecurity/success. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893
1
reference_url http://www.silverstripe.org/download/security-releases/ss-2016-001
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2016-001
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-7jm4-cjg3-rkcz
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-czh2-w6fk-xqd6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n1mj-u4yk-jqhn
20
vulnerability VCID-n4fk-735u-2baw
21
vulnerability VCID-nute-ndg2-z7ev
22
vulnerability VCID-pkve-yjqy-syc2
23
vulnerability VCID-qdwg-f2bx-1bay
24
vulnerability VCID-qmfy-dxag-uuex
25
vulnerability VCID-r1eg-dwej-5kau
26
vulnerability VCID-sg62-98yy-2kd7
27
vulnerability VCID-t81f-5b8z-hyht
28
vulnerability VCID-tv7h-289s-xub4
29
vulnerability VCID-umhc-fdfh-1fdx
30
vulnerability VCID-vatg-guxu-2ud7
31
vulnerability VCID-wgdv-etcq-3qhw
32
vulnerability VCID-xg74-3h1h-kqaf
33
vulnerability VCID-y6gd-vy49-17b4
34
vulnerability VCID-y8et-m846-2fc6
35
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-gkkp-9fm7-jfaz
14
vulnerability VCID-hcuz-gz3w-97ew
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n4fk-735u-2baw
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-pkve-yjqy-syc2
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-wgdv-etcq-3qhw
28
vulnerability VCID-xg74-3h1h-kqaf
29
vulnerability VCID-y8et-m846-2fc6
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-at1s-qxsg-5yfs
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-czh2-w6fk-xqd6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-gkkp-9fm7-jfaz
17
vulnerability VCID-hcuz-gz3w-97ew
18
vulnerability VCID-hnme-cqff-c7dp
19
vulnerability VCID-mkex-ht2r-cucz
20
vulnerability VCID-n1mj-u4yk-jqhn
21
vulnerability VCID-n4fk-735u-2baw
22
vulnerability VCID-nute-ndg2-z7ev
23
vulnerability VCID-pkve-yjqy-syc2
24
vulnerability VCID-qdwg-f2bx-1bay
25
vulnerability VCID-qmfy-dxag-uuex
26
vulnerability VCID-r1eg-dwej-5kau
27
vulnerability VCID-sg62-98yy-2kd7
28
vulnerability VCID-t81f-5b8z-hyht
29
vulnerability VCID-tv7h-289s-xub4
30
vulnerability VCID-umhc-fdfh-1fdx
31
vulnerability VCID-vatg-guxu-2ud7
32
vulnerability VCID-wgdv-etcq-3qhw
33
vulnerability VCID-xg74-3h1h-kqaf
34
vulnerability VCID-y6gd-vy49-17b4
35
vulnerability VCID-y8et-m846-2fc6
36
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-gkkp-9fm7-jfaz
14
vulnerability VCID-hcuz-gz3w-97ew
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n4fk-735u-2baw
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-pkve-yjqy-syc2
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-wgdv-etcq-3qhw
28
vulnerability VCID-xg74-3h1h-kqaf
29
vulnerability VCID-y8et-m846-2fc6
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-7jm4-cjg3-rkcz
9
vulnerability VCID-at1s-qxsg-5yfs
10
vulnerability VCID-b6nm-cphj-wfgw
11
vulnerability VCID-b95v-49p7-fkas
12
vulnerability VCID-c437-w2zy-y7c9
13
vulnerability VCID-c6bz-jwhm-vkgp
14
vulnerability VCID-cmwn-cjff-9qau
15
vulnerability VCID-czh2-w6fk-xqd6
16
vulnerability VCID-ewg1-jqza-eyez
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-hcuz-gz3w-97ew
19
vulnerability VCID-hnme-cqff-c7dp
20
vulnerability VCID-mkex-ht2r-cucz
21
vulnerability VCID-n1mj-u4yk-jqhn
22
vulnerability VCID-n4fk-735u-2baw
23
vulnerability VCID-nute-ndg2-z7ev
24
vulnerability VCID-pkve-yjqy-syc2
25
vulnerability VCID-qdwg-f2bx-1bay
26
vulnerability VCID-qmfy-dxag-uuex
27
vulnerability VCID-r1eg-dwej-5kau
28
vulnerability VCID-sg62-98yy-2kd7
29
vulnerability VCID-t81f-5b8z-hyht
30
vulnerability VCID-tv7h-289s-xub4
31
vulnerability VCID-umhc-fdfh-1fdx
32
vulnerability VCID-vatg-guxu-2ud7
33
vulnerability VCID-wgdv-etcq-3qhw
34
vulnerability VCID-xg74-3h1h-kqaf
35
vulnerability VCID-y6gd-vy49-17b4
36
vulnerability VCID-y8et-m846-2fc6
37
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-f4hv-79km-3ygt
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-pkve-yjqy-syc2
22
vulnerability VCID-qdwg-f2bx-1bay
23
vulnerability VCID-qmfy-dxag-uuex
24
vulnerability VCID-r1eg-dwej-5kau
25
vulnerability VCID-sg62-98yy-2kd7
26
vulnerability VCID-t81f-5b8z-hyht
27
vulnerability VCID-tv7h-289s-xub4
28
vulnerability VCID-umhc-fdfh-1fdx
29
vulnerability VCID-wgdv-etcq-3qhw
30
vulnerability VCID-xg74-3h1h-kqaf
31
vulnerability VCID-y8et-m846-2fc6
32
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2016-001
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1uhv-fetz-j7fd
3
url VCID-36z3-nafq-6kez
vulnerability_id VCID-36z3-nafq-6kez
summary 
XSS In CMSSecurity BackURL
In follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-001/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-001/
1
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-016/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-016/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.21
purl pkg:composer/silverstripe/framework@3.1.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hcuz-gz3w-97ew
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-n4fk-735u-2baw
11
vulnerability VCID-nute-ndg2-z7ev
12
vulnerability VCID-pkve-yjqy-syc2
13
vulnerability VCID-qdwg-f2bx-1bay
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-r1eg-dwej-5kau
16
vulnerability VCID-sg62-98yy-2kd7
17
vulnerability VCID-t81f-5b8z-hyht
18
vulnerability VCID-tv7h-289s-xub4
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-wgdv-etcq-3qhw
21
vulnerability VCID-xg74-3h1h-kqaf
22
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21
1
url pkg:composer/silverstripe/framework@3.2.6
purl pkg:composer/silverstripe/framework@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hcuz-gz3w-97ew
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-n4fk-735u-2baw
11
vulnerability VCID-nute-ndg2-z7ev
12
vulnerability VCID-pkve-yjqy-syc2
13
vulnerability VCID-qdwg-f2bx-1bay
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-r1eg-dwej-5kau
16
vulnerability VCID-sg62-98yy-2kd7
17
vulnerability VCID-t81f-5b8z-hyht
18
vulnerability VCID-tv7h-289s-xub4
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-wgdv-etcq-3qhw
21
vulnerability VCID-xg74-3h1h-kqaf
22
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6
2
url pkg:composer/silverstripe/framework@3.3.4
purl pkg:composer/silverstripe/framework@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hcuz-gz3w-97ew
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-n4fk-735u-2baw
11
vulnerability VCID-nute-ndg2-z7ev
12
vulnerability VCID-pkve-yjqy-syc2
13
vulnerability VCID-qdwg-f2bx-1bay
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-r1eg-dwej-5kau
16
vulnerability VCID-sg62-98yy-2kd7
17
vulnerability VCID-t81f-5b8z-hyht
18
vulnerability VCID-tv7h-289s-xub4
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-wgdv-etcq-3qhw
21
vulnerability VCID-xg74-3h1h-kqaf
22
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4
3
url pkg:composer/silverstripe/framework@3.4.2
purl pkg:composer/silverstripe/framework@3.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hcuz-gz3w-97ew
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-n4fk-735u-2baw
11
vulnerability VCID-nute-ndg2-z7ev
12
vulnerability VCID-pkve-yjqy-syc2
13
vulnerability VCID-qdwg-f2bx-1bay
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-r1eg-dwej-5kau
16
vulnerability VCID-sg62-98yy-2kd7
17
vulnerability VCID-t81f-5b8z-hyht
18
vulnerability VCID-tv7h-289s-xub4
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-wgdv-etcq-3qhw
21
vulnerability VCID-xg74-3h1h-kqaf
22
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2
aliases SS-2016-016
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-36z3-nafq-6kez
4
url VCID-3x46-q9cb-7ubg
vulnerability_id VCID-3x46-q9cb-7ubg
summary 
Information Exposure
Response discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12849
reference_id
reference_type
scores
0
value 0.00392
scoring_system epss
scoring_elements 0.60505
published_at 2026-06-04T12:55:00Z
1
value 0.00392
scoring_system epss
scoring_elements 0.60553
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12849
1
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-005
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12849
reference_id CVE-2017-12849
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12849
3
reference_url https://github.com/advisories/GHSA-fwhr-g5r4-xgxf
reference_id GHSA-fwhr-g5r4-xgxf
reference_type
scores
url https://github.com/advisories/GHSA-fwhr-g5r4-xgxf
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.5-beta1
purl pkg:composer/silverstripe/framework@3.5.5-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-cmwn-cjff-9qau
5
vulnerability VCID-hcuz-gz3w-97ew
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-n4fk-735u-2baw
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-pkve-yjqy-syc2
10
vulnerability VCID-qdwg-f2bx-1bay
11
vulnerability VCID-qmfy-dxag-uuex
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-tv7h-289s-xub4
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xg74-3h1h-kqaf
17
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1
1
url pkg:composer/silverstripe/framework@3.5.5
purl pkg:composer/silverstripe/framework@3.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-cmwn-cjff-9qau
5
vulnerability VCID-hcuz-gz3w-97ew
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-n4fk-735u-2baw
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-pkve-yjqy-syc2
10
vulnerability VCID-qdwg-f2bx-1bay
11
vulnerability VCID-qmfy-dxag-uuex
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-tv7h-289s-xub4
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xg74-3h1h-kqaf
17
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5
2
url pkg:composer/silverstripe/framework@3.6.1-alpha2
purl pkg:composer/silverstripe/framework@3.6.1-alpha2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-cmwn-cjff-9qau
5
vulnerability VCID-hcuz-gz3w-97ew
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-n4fk-735u-2baw
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-pkve-yjqy-syc2
10
vulnerability VCID-qdwg-f2bx-1bay
11
vulnerability VCID-qmfy-dxag-uuex
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-tv7h-289s-xub4
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xg74-3h1h-kqaf
17
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2
3
url pkg:composer/silverstripe/framework@3.6.1
purl pkg:composer/silverstripe/framework@3.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-cmwn-cjff-9qau
5
vulnerability VCID-hcuz-gz3w-97ew
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-n4fk-735u-2baw
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-pkve-yjqy-syc2
10
vulnerability VCID-qdwg-f2bx-1bay
11
vulnerability VCID-qmfy-dxag-uuex
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-tv7h-289s-xub4
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xg74-3h1h-kqaf
17
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1
aliases CVE-2017-12849, GHSA-fwhr-g5r4-xgxf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3x46-q9cb-7ubg
5
url VCID-4n9x-x4kd-jyfu
vulnerability_id VCID-4n9x-x4kd-jyfu
summary 
XSS vulnerability in form field validation
A high level XSS risk has been identified in the encoding of validation messages in certain FormField classes. Certain fields such as the `NumericField` and `DropdownField` have been identified, but any form field which presents any invalid content as a part of its validation response will be at risk.
references
0
reference_url http://www.silverstripe.org/download/security-releases/ss-2015-026/
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2015-026/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.16
purl pkg:composer/silverstripe/framework@3.1.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-cqjc-tsv5-7beg
14
vulnerability VCID-ecy2-x3a9-qbbx
15
vulnerability VCID-evh4-xq48-4fa6
16
vulnerability VCID-ewg1-jqza-eyez
17
vulnerability VCID-ggbg-8mtc-hudc
18
vulnerability VCID-gkkp-9fm7-jfaz
19
vulnerability VCID-hcuz-gz3w-97ew
20
vulnerability VCID-heyh-s54f-8qap
21
vulnerability VCID-hnhv-qx7p-wqcw
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-m5rs-qptc-vued
24
vulnerability VCID-mkex-ht2r-cucz
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nute-ndg2-z7ev
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-q939-fszs-wfdp
29
vulnerability VCID-qdwg-f2bx-1bay
30
vulnerability VCID-qmfy-dxag-uuex
31
vulnerability VCID-r1eg-dwej-5kau
32
vulnerability VCID-rrmd-ud59-ffbp
33
vulnerability VCID-sg62-98yy-2kd7
34
vulnerability VCID-t81f-5b8z-hyht
35
vulnerability VCID-tv7h-289s-xub4
36
vulnerability VCID-umhc-fdfh-1fdx
37
vulnerability VCID-vatm-1vbd-bfam
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-y8et-m846-2fc6
41
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.16
1
url pkg:composer/silverstripe/framework@3.2.0-beta1
purl pkg:composer/silverstripe/framework@3.2.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-evh4-xq48-4fa6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-ggbg-8mtc-hudc
16
vulnerability VCID-gkkp-9fm7-jfaz
17
vulnerability VCID-h4k6-fruf-uqff
18
vulnerability VCID-hcuz-gz3w-97ew
19
vulnerability VCID-hnme-cqff-c7dp
20
vulnerability VCID-m5rs-qptc-vued
21
vulnerability VCID-mkex-ht2r-cucz
22
vulnerability VCID-n4fk-735u-2baw
23
vulnerability VCID-nu3h-nb1g-67bs
24
vulnerability VCID-nute-ndg2-z7ev
25
vulnerability VCID-pkve-yjqy-syc2
26
vulnerability VCID-q939-fszs-wfdp
27
vulnerability VCID-qdwg-f2bx-1bay
28
vulnerability VCID-qmfy-dxag-uuex
29
vulnerability VCID-r1eg-dwej-5kau
30
vulnerability VCID-sg62-98yy-2kd7
31
vulnerability VCID-t81f-5b8z-hyht
32
vulnerability VCID-tv7h-289s-xub4
33
vulnerability VCID-umhc-fdfh-1fdx
34
vulnerability VCID-wgdv-etcq-3qhw
35
vulnerability VCID-xg74-3h1h-kqaf
36
vulnerability VCID-y8et-m846-2fc6
37
vulnerability VCID-yfuu-th6b-nba4
38
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1
2
url pkg:composer/silverstripe/framework@3.2.1
purl pkg:composer/silverstripe/framework@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-cqjc-tsv5-7beg
14
vulnerability VCID-ecy2-x3a9-qbbx
15
vulnerability VCID-evh4-xq48-4fa6
16
vulnerability VCID-ewg1-jqza-eyez
17
vulnerability VCID-ggbg-8mtc-hudc
18
vulnerability VCID-gkkp-9fm7-jfaz
19
vulnerability VCID-hcuz-gz3w-97ew
20
vulnerability VCID-heyh-s54f-8qap
21
vulnerability VCID-hnhv-qx7p-wqcw
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-m5rs-qptc-vued
24
vulnerability VCID-mkex-ht2r-cucz
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nute-ndg2-z7ev
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-q939-fszs-wfdp
29
vulnerability VCID-qdwg-f2bx-1bay
30
vulnerability VCID-qmfy-dxag-uuex
31
vulnerability VCID-r1eg-dwej-5kau
32
vulnerability VCID-rrmd-ud59-ffbp
33
vulnerability VCID-sg62-98yy-2kd7
34
vulnerability VCID-t81f-5b8z-hyht
35
vulnerability VCID-tv7h-289s-xub4
36
vulnerability VCID-umhc-fdfh-1fdx
37
vulnerability VCID-vatm-1vbd-bfam
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-y8et-m846-2fc6
41
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1
3
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-026
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4n9x-x4kd-jyfu
6
url VCID-7ek4-6y31-1qcs
vulnerability_id VCID-7ek4-6y31-1qcs
summary 
Pre-existing alc_enc cookies log users in if remember me is disabled
If remember me is on and users log in with the box checked, if the developer then disabled "remember me" function, any pre-existing cookies will continue to authenticate users.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-014/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-014/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-mkex-ht2r-cucz
6
vulnerability VCID-n4fk-735u-2baw
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-qmfy-dxag-uuex
9
vulnerability VCID-r1eg-dwej-5kau
10
vulnerability VCID-tv7h-289s-xub4
11
vulnerability VCID-wgdv-etcq-3qhw
12
vulnerability VCID-xg74-3h1h-kqaf
13
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-014
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ek4-6y31-1qcs
7
url VCID-7hxq-cp29-r7dh
vulnerability_id VCID-7hxq-cp29-r7dh
summary 
Cross-site Scripting
In SilverStripe asset-admin, there is XSS in file titles managed through the CMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14272
reference_id
reference_type
scores
0
value 0.00347
scoring_system epss
scoring_elements 0.57587
published_at 2026-06-05T12:55:00Z
1
value 0.00347
scoring_system epss
scoring_elements 0.57535
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14272
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml
3
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
4
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14272
reference_id CVE-2019-14272
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14272
7
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-14272
reference_id CVE-2019-14272
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-14272
fixed_packages
0
url pkg:composer/silverstripe/framework@4.0.1-rc1
purl pkg:composer/silverstripe/framework@4.0.1-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-cmwn-cjff-9qau
5
vulnerability VCID-fmfu-81xu-pfdy
6
vulnerability VCID-hcuz-gz3w-97ew
7
vulnerability VCID-n4fk-735u-2baw
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-nzcm-xbxx-wyf9
10
vulnerability VCID-pkve-yjqy-syc2
11
vulnerability VCID-qmfy-dxag-uuex
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-ru3j-21j8-ayhm
14
vulnerability VCID-tv7h-289s-xub4
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xg74-3h1h-kqaf
17
vulnerability VCID-y8et-m846-2fc6
18
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1
1
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-cmwn-cjff-9qau
5
vulnerability VCID-fmfu-81xu-pfdy
6
vulnerability VCID-hcuz-gz3w-97ew
7
vulnerability VCID-n4fk-735u-2baw
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-nzcm-xbxx-wyf9
10
vulnerability VCID-pkve-yjqy-syc2
11
vulnerability VCID-qmfy-dxag-uuex
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-ru3j-21j8-ayhm
14
vulnerability VCID-tv7h-289s-xub4
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xg74-3h1h-kqaf
17
vulnerability VCID-y8et-m846-2fc6
18
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
2
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
4
vulnerability VCID-n4fk-735u-2baw
5
vulnerability VCID-pkve-yjqy-syc2
6
vulnerability VCID-qmfy-dxag-uuex
7
vulnerability VCID-ru3j-21j8-ayhm
8
vulnerability VCID-tv7h-289s-xub4
9
vulnerability VCID-wgdv-etcq-3qhw
10
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
3
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-5dt7-nc8t-nqgh
3
vulnerability VCID-fmfu-81xu-pfdy
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-n4fk-735u-2baw
6
vulnerability VCID-pkve-yjqy-syc2
7
vulnerability VCID-qmfy-dxag-uuex
8
vulnerability VCID-ru3j-21j8-ayhm
9
vulnerability VCID-tv7h-289s-xub4
10
vulnerability VCID-wgdv-etcq-3qhw
11
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-14272, GHSA-jgw2-f5mx-rg7h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7hxq-cp29-r7dh
8
url VCID-at1s-qxsg-5yfs
vulnerability_id VCID-at1s-qxsg-5yfs
summary 
XSS In OptionsetField and CheckboxSetField
List of key / value pairs assigned to `OptionsetField` or `CheckboxSetField` do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-015/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-015/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-mkex-ht2r-cucz
6
vulnerability VCID-n4fk-735u-2baw
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-qmfy-dxag-uuex
9
vulnerability VCID-r1eg-dwej-5kau
10
vulnerability VCID-tv7h-289s-xub4
11
vulnerability VCID-wgdv-etcq-3qhw
12
vulnerability VCID-xg74-3h1h-kqaf
13
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-015
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-at1s-qxsg-5yfs
9
url VCID-b6nm-cphj-wfgw
vulnerability_id VCID-b6nm-cphj-wfgw
summary 
Improper Privilege Management
In SilverStripe, there is access escalation for CMS users with limited access through permission cache pollution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12617
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.53948
published_at 2026-06-04T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.54005
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12617
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml
3
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12617
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12617
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12617
reference_id CVE-2019-12617
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12617
8
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12617/
reference_id CVE-2019-12617
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-12617/
9
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12617
reference_id CVE-2019-12617
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12617
10
reference_url https://github.com/advisories/GHSA-6r58-4xgr-gm6m
reference_id GHSA-6r58-4xgr-gm6m
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6r58-4xgr-gm6m
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
4
vulnerability VCID-n4fk-735u-2baw
5
vulnerability VCID-nzcm-xbxx-wyf9
6
vulnerability VCID-pkve-yjqy-syc2
7
vulnerability VCID-qmfy-dxag-uuex
8
vulnerability VCID-ru3j-21j8-ayhm
9
vulnerability VCID-tv7h-289s-xub4
10
vulnerability VCID-wgdv-etcq-3qhw
11
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
4
vulnerability VCID-n4fk-735u-2baw
5
vulnerability VCID-pkve-yjqy-syc2
6
vulnerability VCID-qmfy-dxag-uuex
7
vulnerability VCID-ru3j-21j8-ayhm
8
vulnerability VCID-tv7h-289s-xub4
9
vulnerability VCID-wgdv-etcq-3qhw
10
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
2
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-5dt7-nc8t-nqgh
3
vulnerability VCID-fmfu-81xu-pfdy
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-n4fk-735u-2baw
6
vulnerability VCID-pkve-yjqy-syc2
7
vulnerability VCID-qmfy-dxag-uuex
8
vulnerability VCID-ru3j-21j8-ayhm
9
vulnerability VCID-tv7h-289s-xub4
10
vulnerability VCID-wgdv-etcq-3qhw
11
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12617, GHSA-6r58-4xgr-gm6m
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b6nm-cphj-wfgw
10
url VCID-b7xq-cz8w-ubgm
vulnerability_id VCID-b7xq-cz8w-ubgm
summary 
Privilege Escalation
A member with the permission EDIT_PERMISSIONS is able to re-assign themselves (or another member) to ADMIN level.
references
0
reference_url http://www.silverstripe.org/software/download/security-releases/ss-2015-020/
reference_id
reference_type
scores
url http://www.silverstripe.org/software/download/security-releases/ss-2015-020/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.14
purl pkg:composer/silverstripe/framework@3.1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4n9x-x4kd-jyfu
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-at1s-qxsg-5yfs
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-evh4-xq48-4fa6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-ggbg-8mtc-hudc
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-h4k6-fruf-uqff
19
vulnerability VCID-hcuz-gz3w-97ew
20
vulnerability VCID-hnhv-qx7p-wqcw
21
vulnerability VCID-hnme-cqff-c7dp
22
vulnerability VCID-m5rs-qptc-vued
23
vulnerability VCID-mkex-ht2r-cucz
24
vulnerability VCID-n4fk-735u-2baw
25
vulnerability VCID-nu3h-nb1g-67bs
26
vulnerability VCID-nute-ndg2-z7ev
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-q939-fszs-wfdp
29
vulnerability VCID-qdwg-f2bx-1bay
30
vulnerability VCID-qmfy-dxag-uuex
31
vulnerability VCID-r1eg-dwej-5kau
32
vulnerability VCID-rrmd-ud59-ffbp
33
vulnerability VCID-sg62-98yy-2kd7
34
vulnerability VCID-t81f-5b8z-hyht
35
vulnerability VCID-tv7h-289s-xub4
36
vulnerability VCID-umhc-fdfh-1fdx
37
vulnerability VCID-vatm-1vbd-bfam
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-y8et-m846-2fc6
41
vulnerability VCID-yfuu-th6b-nba4
42
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14
aliases SS-2015-020
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7xq-cz8w-ubgm
11
url VCID-b95v-49p7-fkas
vulnerability_id VCID-b95v-49p7-fkas
summary 
Cross-site Scripting
SilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname.
references
0
reference_url http://lists.openwall.net/full-disclosure/2017/09/14/2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openwall.net/full-disclosure/2017/09/14/2
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14498
reference_id
reference_type
scores
0
value 0.00375
scoring_system epss
scoring_elements 0.59498
published_at 2026-06-05T12:55:00Z
1
value 0.00375
scoring_system epss
scoring_elements 0.59447
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14498
2
reference_url https://docs.silverstripe.org/en/3/changelogs/3.6.1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.silverstripe.org/en/3/changelogs/3.6.1
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a
4
reference_url https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-14498
reference_id CVE-2017-14498
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-14498
6
reference_url https://github.com/advisories/GHSA-j696-6m57-mcrv
reference_id GHSA-j696-6m57-mcrv
reference_type
scores
url https://github.com/advisories/GHSA-j696-6m57-mcrv
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.1-alpha2
purl pkg:composer/silverstripe/framework@3.6.1-alpha2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-cmwn-cjff-9qau
5
vulnerability VCID-hcuz-gz3w-97ew
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-n4fk-735u-2baw
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-pkve-yjqy-syc2
10
vulnerability VCID-qdwg-f2bx-1bay
11
vulnerability VCID-qmfy-dxag-uuex
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-tv7h-289s-xub4
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xg74-3h1h-kqaf
17
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2
1
url pkg:composer/silverstripe/framework@3.6.1
purl pkg:composer/silverstripe/framework@3.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-cmwn-cjff-9qau
5
vulnerability VCID-hcuz-gz3w-97ew
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-n4fk-735u-2baw
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-pkve-yjqy-syc2
10
vulnerability VCID-qdwg-f2bx-1bay
11
vulnerability VCID-qmfy-dxag-uuex
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-tv7h-289s-xub4
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xg74-3h1h-kqaf
17
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1
aliases CVE-2017-14498, GHSA-j696-6m57-mcrv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b95v-49p7-fkas
12
url VCID-c437-w2zy-y7c9
vulnerability_id VCID-c437-w2zy-y7c9
summary 
ChangePasswordForm doesn't check Member::canLogIn()
After performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-011/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-011/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
1
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
2
url pkg:composer/silverstripe/framework@3.4.10-stable
purl pkg:composer/silverstripe/framework@3.4.10-stable
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.10-stable
3
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-mkex-ht2r-cucz
6
vulnerability VCID-n4fk-735u-2baw
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-qmfy-dxag-uuex
9
vulnerability VCID-r1eg-dwej-5kau
10
vulnerability VCID-tv7h-289s-xub4
11
vulnerability VCID-wgdv-etcq-3qhw
12
vulnerability VCID-xg74-3h1h-kqaf
13
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-011
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c437-w2zy-y7c9
13
url VCID-c6bz-jwhm-vkgp
vulnerability_id VCID-c6bz-jwhm-vkgp
summary 
Cross-site Scripting
There is an XSS in SilverStripe CMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-5197
reference_id
reference_type
scores
0
value 0.00265
scoring_system epss
scoring_elements 0.5014
published_at 2026-06-04T12:55:00Z
1
value 0.00265
scoring_system epss
scoring_elements 0.50201
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-5197
1
reference_url https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572
2
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
3
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
4
reference_url http://www.securityfocus.com/bid/96572
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96572
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5197
reference_id CVE-2017-5197
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-5197
6
reference_url https://github.com/advisories/GHSA-xmjh-wjc5-wg4h
reference_id GHSA-xmjh-wjc5-wg4h
reference_type
scores
url https://github.com/advisories/GHSA-xmjh-wjc5-wg4h
fixed_packages
0
url pkg:composer/silverstripe/framework@3.4.4-rc1
purl pkg:composer/silverstripe/framework@3.4.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-hcuz-gz3w-97ew
8
vulnerability VCID-mkex-ht2r-cucz
9
vulnerability VCID-n4fk-735u-2baw
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-pkve-yjqy-syc2
12
vulnerability VCID-qdwg-f2bx-1bay
13
vulnerability VCID-qmfy-dxag-uuex
14
vulnerability VCID-r1eg-dwej-5kau
15
vulnerability VCID-sg62-98yy-2kd7
16
vulnerability VCID-tv7h-289s-xub4
17
vulnerability VCID-umhc-fdfh-1fdx
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xg74-3h1h-kqaf
20
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1
1
url pkg:composer/silverstripe/framework@3.4.4
purl pkg:composer/silverstripe/framework@3.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-hcuz-gz3w-97ew
8
vulnerability VCID-mkex-ht2r-cucz
9
vulnerability VCID-n4fk-735u-2baw
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-pkve-yjqy-syc2
12
vulnerability VCID-qdwg-f2bx-1bay
13
vulnerability VCID-qmfy-dxag-uuex
14
vulnerability VCID-r1eg-dwej-5kau
15
vulnerability VCID-sg62-98yy-2kd7
16
vulnerability VCID-tv7h-289s-xub4
17
vulnerability VCID-umhc-fdfh-1fdx
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xg74-3h1h-kqaf
20
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4
2
url pkg:composer/silverstripe/framework@3.5.2-rc1
purl pkg:composer/silverstripe/framework@3.5.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-hcuz-gz3w-97ew
8
vulnerability VCID-mkex-ht2r-cucz
9
vulnerability VCID-n4fk-735u-2baw
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-pkve-yjqy-syc2
12
vulnerability VCID-qdwg-f2bx-1bay
13
vulnerability VCID-qmfy-dxag-uuex
14
vulnerability VCID-r1eg-dwej-5kau
15
vulnerability VCID-sg62-98yy-2kd7
16
vulnerability VCID-tv7h-289s-xub4
17
vulnerability VCID-umhc-fdfh-1fdx
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xg74-3h1h-kqaf
20
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1
3
url pkg:composer/silverstripe/framework@3.5.2
purl pkg:composer/silverstripe/framework@3.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-hcuz-gz3w-97ew
8
vulnerability VCID-mkex-ht2r-cucz
9
vulnerability VCID-n4fk-735u-2baw
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-pkve-yjqy-syc2
12
vulnerability VCID-qdwg-f2bx-1bay
13
vulnerability VCID-qmfy-dxag-uuex
14
vulnerability VCID-r1eg-dwej-5kau
15
vulnerability VCID-tv7h-289s-xub4
16
vulnerability VCID-umhc-fdfh-1fdx
17
vulnerability VCID-wgdv-etcq-3qhw
18
vulnerability VCID-xg74-3h1h-kqaf
19
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2
aliases CVE-2017-5197, GHSA-xmjh-wjc5-wg4h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c6bz-jwhm-vkgp
14
url VCID-cmwn-cjff-9qau
vulnerability_id VCID-cmwn-cjff-9qau
summary 
Session Fixation
SilverStripe allows session fixation in the "change password" form.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12203
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.17184
published_at 2026-06-05T12:55:00Z
1
value 0.00054
scoring_system epss
scoring_elements 0.17108
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12203
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml
3
reference_url https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12203
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12203
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12203
reference_id CVE-2019-12203
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12203
8
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12203/
reference_id CVE-2019-12203
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-12203/
9
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12203
reference_id CVE-2019-12203
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12203
10
reference_url https://github.com/advisories/GHSA-w7r7-r8r9-vrg2
reference_id GHSA-w7r7-r8r9-vrg2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w7r7-r8r9-vrg2
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.8
purl pkg:composer/silverstripe/framework@3.6.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-mkex-ht2r-cucz
6
vulnerability VCID-n4fk-735u-2baw
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-pkve-yjqy-syc2
9
vulnerability VCID-qmfy-dxag-uuex
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-tv7h-289s-xub4
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-wgdv-etcq-3qhw
14
vulnerability VCID-xg74-3h1h-kqaf
15
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8
1
url pkg:composer/silverstripe/framework@3.7.4
purl pkg:composer/silverstripe/framework@3.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-mkex-ht2r-cucz
6
vulnerability VCID-n4fk-735u-2baw
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-pkve-yjqy-syc2
9
vulnerability VCID-qmfy-dxag-uuex
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-tv7h-289s-xub4
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-wgdv-etcq-3qhw
14
vulnerability VCID-xg74-3h1h-kqaf
15
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4
2
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
4
vulnerability VCID-n4fk-735u-2baw
5
vulnerability VCID-nzcm-xbxx-wyf9
6
vulnerability VCID-pkve-yjqy-syc2
7
vulnerability VCID-qmfy-dxag-uuex
8
vulnerability VCID-ru3j-21j8-ayhm
9
vulnerability VCID-tv7h-289s-xub4
10
vulnerability VCID-wgdv-etcq-3qhw
11
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
3
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
4
vulnerability VCID-n4fk-735u-2baw
5
vulnerability VCID-pkve-yjqy-syc2
6
vulnerability VCID-qmfy-dxag-uuex
7
vulnerability VCID-ru3j-21j8-ayhm
8
vulnerability VCID-tv7h-289s-xub4
9
vulnerability VCID-wgdv-etcq-3qhw
10
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
4
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-5dt7-nc8t-nqgh
3
vulnerability VCID-fmfu-81xu-pfdy
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-n4fk-735u-2baw
6
vulnerability VCID-pkve-yjqy-syc2
7
vulnerability VCID-qmfy-dxag-uuex
8
vulnerability VCID-ru3j-21j8-ayhm
9
vulnerability VCID-tv7h-289s-xub4
10
vulnerability VCID-wgdv-etcq-3qhw
11
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12203, GHSA-w7r7-r8r9-vrg2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmwn-cjff-9qau
15
url VCID-evh4-xq48-4fa6
vulnerability_id VCID-evh4-xq48-4fa6
summary 
Brute force bypass on default admin
Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2
1
reference_url http://www.silverstripe.org/download/security-releases/ss-2016-005
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2016-005
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-7jm4-cjg3-rkcz
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-czh2-w6fk-xqd6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n1mj-u4yk-jqhn
20
vulnerability VCID-n4fk-735u-2baw
21
vulnerability VCID-nute-ndg2-z7ev
22
vulnerability VCID-pkve-yjqy-syc2
23
vulnerability VCID-qdwg-f2bx-1bay
24
vulnerability VCID-qmfy-dxag-uuex
25
vulnerability VCID-r1eg-dwej-5kau
26
vulnerability VCID-sg62-98yy-2kd7
27
vulnerability VCID-t81f-5b8z-hyht
28
vulnerability VCID-tv7h-289s-xub4
29
vulnerability VCID-umhc-fdfh-1fdx
30
vulnerability VCID-vatg-guxu-2ud7
31
vulnerability VCID-wgdv-etcq-3qhw
32
vulnerability VCID-xg74-3h1h-kqaf
33
vulnerability VCID-y6gd-vy49-17b4
34
vulnerability VCID-y8et-m846-2fc6
35
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-gkkp-9fm7-jfaz
14
vulnerability VCID-hcuz-gz3w-97ew
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n4fk-735u-2baw
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-pkve-yjqy-syc2
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-wgdv-etcq-3qhw
28
vulnerability VCID-xg74-3h1h-kqaf
29
vulnerability VCID-y8et-m846-2fc6
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-at1s-qxsg-5yfs
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-czh2-w6fk-xqd6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-gkkp-9fm7-jfaz
17
vulnerability VCID-hcuz-gz3w-97ew
18
vulnerability VCID-hnme-cqff-c7dp
19
vulnerability VCID-mkex-ht2r-cucz
20
vulnerability VCID-n1mj-u4yk-jqhn
21
vulnerability VCID-n4fk-735u-2baw
22
vulnerability VCID-nute-ndg2-z7ev
23
vulnerability VCID-pkve-yjqy-syc2
24
vulnerability VCID-qdwg-f2bx-1bay
25
vulnerability VCID-qmfy-dxag-uuex
26
vulnerability VCID-r1eg-dwej-5kau
27
vulnerability VCID-sg62-98yy-2kd7
28
vulnerability VCID-t81f-5b8z-hyht
29
vulnerability VCID-tv7h-289s-xub4
30
vulnerability VCID-umhc-fdfh-1fdx
31
vulnerability VCID-vatg-guxu-2ud7
32
vulnerability VCID-wgdv-etcq-3qhw
33
vulnerability VCID-xg74-3h1h-kqaf
34
vulnerability VCID-y6gd-vy49-17b4
35
vulnerability VCID-y8et-m846-2fc6
36
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-gkkp-9fm7-jfaz
14
vulnerability VCID-hcuz-gz3w-97ew
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n4fk-735u-2baw
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-pkve-yjqy-syc2
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-wgdv-etcq-3qhw
28
vulnerability VCID-xg74-3h1h-kqaf
29
vulnerability VCID-y8et-m846-2fc6
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-7jm4-cjg3-rkcz
9
vulnerability VCID-at1s-qxsg-5yfs
10
vulnerability VCID-b6nm-cphj-wfgw
11
vulnerability VCID-b95v-49p7-fkas
12
vulnerability VCID-c437-w2zy-y7c9
13
vulnerability VCID-c6bz-jwhm-vkgp
14
vulnerability VCID-cmwn-cjff-9qau
15
vulnerability VCID-czh2-w6fk-xqd6
16
vulnerability VCID-ewg1-jqza-eyez
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-hcuz-gz3w-97ew
19
vulnerability VCID-hnme-cqff-c7dp
20
vulnerability VCID-mkex-ht2r-cucz
21
vulnerability VCID-n1mj-u4yk-jqhn
22
vulnerability VCID-n4fk-735u-2baw
23
vulnerability VCID-nute-ndg2-z7ev
24
vulnerability VCID-pkve-yjqy-syc2
25
vulnerability VCID-qdwg-f2bx-1bay
26
vulnerability VCID-qmfy-dxag-uuex
27
vulnerability VCID-r1eg-dwej-5kau
28
vulnerability VCID-sg62-98yy-2kd7
29
vulnerability VCID-t81f-5b8z-hyht
30
vulnerability VCID-tv7h-289s-xub4
31
vulnerability VCID-umhc-fdfh-1fdx
32
vulnerability VCID-vatg-guxu-2ud7
33
vulnerability VCID-wgdv-etcq-3qhw
34
vulnerability VCID-xg74-3h1h-kqaf
35
vulnerability VCID-y6gd-vy49-17b4
36
vulnerability VCID-y8et-m846-2fc6
37
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-f4hv-79km-3ygt
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-pkve-yjqy-syc2
22
vulnerability VCID-qdwg-f2bx-1bay
23
vulnerability VCID-qmfy-dxag-uuex
24
vulnerability VCID-r1eg-dwej-5kau
25
vulnerability VCID-sg62-98yy-2kd7
26
vulnerability VCID-t81f-5b8z-hyht
27
vulnerability VCID-tv7h-289s-xub4
28
vulnerability VCID-umhc-fdfh-1fdx
29
vulnerability VCID-wgdv-etcq-3qhw
30
vulnerability VCID-xg74-3h1h-kqaf
31
vulnerability VCID-y8et-m846-2fc6
32
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2016-005
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-evh4-xq48-4fa6
16
url VCID-ewg1-jqza-eyez
vulnerability_id VCID-ewg1-jqza-eyez
summary 
Member.Name isn't escaped
The core template `framework/templates/Includes/GridField_print.ss` uses "Printed by $Member.Name". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because `Member->getName()` just returns the raw `FirstName + Surname` as a string, which is injected directly.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-013/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-013/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-mkex-ht2r-cucz
6
vulnerability VCID-n4fk-735u-2baw
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-qmfy-dxag-uuex
9
vulnerability VCID-r1eg-dwej-5kau
10
vulnerability VCID-tv7h-289s-xub4
11
vulnerability VCID-wgdv-etcq-3qhw
12
vulnerability VCID-xg74-3h1h-kqaf
13
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-013
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ewg1-jqza-eyez
17
url VCID-ggbg-8mtc-hudc
vulnerability_id VCID-ggbg-8mtc-hudc
summary 
XSS in CMS Edit Page
Due to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an attack.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770
1
reference_url http://www.silverstripe.org/download/security-releases/ss-2016-004
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2016-004
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-7jm4-cjg3-rkcz
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-czh2-w6fk-xqd6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n1mj-u4yk-jqhn
20
vulnerability VCID-n4fk-735u-2baw
21
vulnerability VCID-nute-ndg2-z7ev
22
vulnerability VCID-pkve-yjqy-syc2
23
vulnerability VCID-qdwg-f2bx-1bay
24
vulnerability VCID-qmfy-dxag-uuex
25
vulnerability VCID-r1eg-dwej-5kau
26
vulnerability VCID-sg62-98yy-2kd7
27
vulnerability VCID-t81f-5b8z-hyht
28
vulnerability VCID-tv7h-289s-xub4
29
vulnerability VCID-umhc-fdfh-1fdx
30
vulnerability VCID-vatg-guxu-2ud7
31
vulnerability VCID-wgdv-etcq-3qhw
32
vulnerability VCID-xg74-3h1h-kqaf
33
vulnerability VCID-y6gd-vy49-17b4
34
vulnerability VCID-y8et-m846-2fc6
35
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-gkkp-9fm7-jfaz
14
vulnerability VCID-hcuz-gz3w-97ew
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n4fk-735u-2baw
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-pkve-yjqy-syc2
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-wgdv-etcq-3qhw
28
vulnerability VCID-xg74-3h1h-kqaf
29
vulnerability VCID-y8et-m846-2fc6
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-at1s-qxsg-5yfs
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-czh2-w6fk-xqd6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-gkkp-9fm7-jfaz
17
vulnerability VCID-hcuz-gz3w-97ew
18
vulnerability VCID-hnme-cqff-c7dp
19
vulnerability VCID-mkex-ht2r-cucz
20
vulnerability VCID-n1mj-u4yk-jqhn
21
vulnerability VCID-n4fk-735u-2baw
22
vulnerability VCID-nute-ndg2-z7ev
23
vulnerability VCID-pkve-yjqy-syc2
24
vulnerability VCID-qdwg-f2bx-1bay
25
vulnerability VCID-qmfy-dxag-uuex
26
vulnerability VCID-r1eg-dwej-5kau
27
vulnerability VCID-sg62-98yy-2kd7
28
vulnerability VCID-t81f-5b8z-hyht
29
vulnerability VCID-tv7h-289s-xub4
30
vulnerability VCID-umhc-fdfh-1fdx
31
vulnerability VCID-vatg-guxu-2ud7
32
vulnerability VCID-wgdv-etcq-3qhw
33
vulnerability VCID-xg74-3h1h-kqaf
34
vulnerability VCID-y6gd-vy49-17b4
35
vulnerability VCID-y8et-m846-2fc6
36
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-gkkp-9fm7-jfaz
14
vulnerability VCID-hcuz-gz3w-97ew
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n4fk-735u-2baw
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-pkve-yjqy-syc2
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-wgdv-etcq-3qhw
28
vulnerability VCID-xg74-3h1h-kqaf
29
vulnerability VCID-y8et-m846-2fc6
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-7jm4-cjg3-rkcz
9
vulnerability VCID-at1s-qxsg-5yfs
10
vulnerability VCID-b6nm-cphj-wfgw
11
vulnerability VCID-b95v-49p7-fkas
12
vulnerability VCID-c437-w2zy-y7c9
13
vulnerability VCID-c6bz-jwhm-vkgp
14
vulnerability VCID-cmwn-cjff-9qau
15
vulnerability VCID-czh2-w6fk-xqd6
16
vulnerability VCID-ewg1-jqza-eyez
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-hcuz-gz3w-97ew
19
vulnerability VCID-hnme-cqff-c7dp
20
vulnerability VCID-mkex-ht2r-cucz
21
vulnerability VCID-n1mj-u4yk-jqhn
22
vulnerability VCID-n4fk-735u-2baw
23
vulnerability VCID-nute-ndg2-z7ev
24
vulnerability VCID-pkve-yjqy-syc2
25
vulnerability VCID-qdwg-f2bx-1bay
26
vulnerability VCID-qmfy-dxag-uuex
27
vulnerability VCID-r1eg-dwej-5kau
28
vulnerability VCID-sg62-98yy-2kd7
29
vulnerability VCID-t81f-5b8z-hyht
30
vulnerability VCID-tv7h-289s-xub4
31
vulnerability VCID-umhc-fdfh-1fdx
32
vulnerability VCID-vatg-guxu-2ud7
33
vulnerability VCID-wgdv-etcq-3qhw
34
vulnerability VCID-xg74-3h1h-kqaf
35
vulnerability VCID-y6gd-vy49-17b4
36
vulnerability VCID-y8et-m846-2fc6
37
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-f4hv-79km-3ygt
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-pkve-yjqy-syc2
22
vulnerability VCID-qdwg-f2bx-1bay
23
vulnerability VCID-qmfy-dxag-uuex
24
vulnerability VCID-r1eg-dwej-5kau
25
vulnerability VCID-sg62-98yy-2kd7
26
vulnerability VCID-t81f-5b8z-hyht
27
vulnerability VCID-tv7h-289s-xub4
28
vulnerability VCID-umhc-fdfh-1fdx
29
vulnerability VCID-wgdv-etcq-3qhw
30
vulnerability VCID-xg74-3h1h-kqaf
31
vulnerability VCID-y8et-m846-2fc6
32
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2016-004
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ggbg-8mtc-hudc
18
url VCID-gkkp-9fm7-jfaz
vulnerability_id VCID-gkkp-9fm7-jfaz
summary 
Missing ACL on reports
The `SS_Report`, and the reports CMS section only checks `canView()` when listing the reports that can be viewed by the current user. It does not (and should) perform `canView` checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-012/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-012/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-mkex-ht2r-cucz
6
vulnerability VCID-n4fk-735u-2baw
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-qmfy-dxag-uuex
9
vulnerability VCID-r1eg-dwej-5kau
10
vulnerability VCID-tv7h-289s-xub4
11
vulnerability VCID-wgdv-etcq-3qhw
12
vulnerability VCID-xg74-3h1h-kqaf
13
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-012
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gkkp-9fm7-jfaz
19
url VCID-h4k6-fruf-uqff
vulnerability_id VCID-h4k6-fruf-uqff
summary 
Insufficient sanitization in "Add from URL"
"Add from URL" does not clearly sanitize URL server side in `HtmlEditorField_Toolbar`. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it's possible future changes would break this.
references
0
reference_url http://www.silverstripe.org/download/security-releases/ss-2015-027/
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2015-027/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.1
purl pkg:composer/silverstripe/framework@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-cqjc-tsv5-7beg
14
vulnerability VCID-ecy2-x3a9-qbbx
15
vulnerability VCID-evh4-xq48-4fa6
16
vulnerability VCID-ewg1-jqza-eyez
17
vulnerability VCID-ggbg-8mtc-hudc
18
vulnerability VCID-gkkp-9fm7-jfaz
19
vulnerability VCID-hcuz-gz3w-97ew
20
vulnerability VCID-heyh-s54f-8qap
21
vulnerability VCID-hnhv-qx7p-wqcw
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-m5rs-qptc-vued
24
vulnerability VCID-mkex-ht2r-cucz
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nute-ndg2-z7ev
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-q939-fszs-wfdp
29
vulnerability VCID-qdwg-f2bx-1bay
30
vulnerability VCID-qmfy-dxag-uuex
31
vulnerability VCID-r1eg-dwej-5kau
32
vulnerability VCID-rrmd-ud59-ffbp
33
vulnerability VCID-sg62-98yy-2kd7
34
vulnerability VCID-t81f-5b8z-hyht
35
vulnerability VCID-tv7h-289s-xub4
36
vulnerability VCID-umhc-fdfh-1fdx
37
vulnerability VCID-vatm-1vbd-bfam
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-y8et-m846-2fc6
41
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1
1
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-027
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4k6-fruf-uqff
20
url VCID-hcuz-gz3w-97ew
vulnerability_id VCID-hcuz-gz3w-97ew
summary Business Logic Errors in GitHub repository silverstripe/silverstripe-framework
references
0
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
1
reference_url https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2
2
reference_url https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0227
reference_id CVE-2022-0227
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0227
4
reference_url https://github.com/advisories/GHSA-32m2-9f76-4gv8
reference_id GHSA-32m2-9f76-4gv8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-32m2-9f76-4gv8
fixed_packages
0
url pkg:composer/silverstripe/framework@4.10.1
purl pkg:composer/silverstripe/framework@4.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.1
aliases CVE-2022-0227, GHSA-32m2-9f76-4gv8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hcuz-gz3w-97ew
21
url VCID-hnme-cqff-c7dp
vulnerability_id VCID-hnme-cqff-c7dp
summary 
ReadOnly transformation for formfields exploitable
Form fields returning `isReadonly()` as true are vulnerable to reflected XSS injections. This includes `ReadonlyField`, `LookupField`, `HTMLReadonlyField`, as well as special purpose fields like `TimeField_Readonly`. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and does not overwrite data on form construction. Readonly and disabled form fields are already filtered out in `saveInto()`, so maliciously submitted data on these fields does not make it into the database unless you are accessing form values directly in your saving logic.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-010/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-010/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.21
purl pkg:composer/silverstripe/framework@3.1.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hcuz-gz3w-97ew
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-n4fk-735u-2baw
11
vulnerability VCID-nute-ndg2-z7ev
12
vulnerability VCID-pkve-yjqy-syc2
13
vulnerability VCID-qdwg-f2bx-1bay
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-r1eg-dwej-5kau
16
vulnerability VCID-sg62-98yy-2kd7
17
vulnerability VCID-t81f-5b8z-hyht
18
vulnerability VCID-tv7h-289s-xub4
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-wgdv-etcq-3qhw
21
vulnerability VCID-xg74-3h1h-kqaf
22
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21
1
url pkg:composer/silverstripe/framework@3.2.6
purl pkg:composer/silverstripe/framework@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hcuz-gz3w-97ew
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-n4fk-735u-2baw
11
vulnerability VCID-nute-ndg2-z7ev
12
vulnerability VCID-pkve-yjqy-syc2
13
vulnerability VCID-qdwg-f2bx-1bay
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-r1eg-dwej-5kau
16
vulnerability VCID-sg62-98yy-2kd7
17
vulnerability VCID-t81f-5b8z-hyht
18
vulnerability VCID-tv7h-289s-xub4
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-wgdv-etcq-3qhw
21
vulnerability VCID-xg74-3h1h-kqaf
22
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6
2
url pkg:composer/silverstripe/framework@3.3.4
purl pkg:composer/silverstripe/framework@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hcuz-gz3w-97ew
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-n4fk-735u-2baw
11
vulnerability VCID-nute-ndg2-z7ev
12
vulnerability VCID-pkve-yjqy-syc2
13
vulnerability VCID-qdwg-f2bx-1bay
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-r1eg-dwej-5kau
16
vulnerability VCID-sg62-98yy-2kd7
17
vulnerability VCID-t81f-5b8z-hyht
18
vulnerability VCID-tv7h-289s-xub4
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-wgdv-etcq-3qhw
21
vulnerability VCID-xg74-3h1h-kqaf
22
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4
3
url pkg:composer/silverstripe/framework@3.4.2
purl pkg:composer/silverstripe/framework@3.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hcuz-gz3w-97ew
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-n4fk-735u-2baw
11
vulnerability VCID-nute-ndg2-z7ev
12
vulnerability VCID-pkve-yjqy-syc2
13
vulnerability VCID-qdwg-f2bx-1bay
14
vulnerability VCID-qmfy-dxag-uuex
15
vulnerability VCID-r1eg-dwej-5kau
16
vulnerability VCID-sg62-98yy-2kd7
17
vulnerability VCID-t81f-5b8z-hyht
18
vulnerability VCID-tv7h-289s-xub4
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-wgdv-etcq-3qhw
21
vulnerability VCID-xg74-3h1h-kqaf
22
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2
aliases SS-2016-010
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hnme-cqff-c7dp
22
url VCID-m5rs-qptc-vued
vulnerability_id VCID-m5rs-qptc-vued
summary 
Missing CSRF protection in login form
`LoginForm` calls `disableSecurityToken()`, which causes a "shared host domain" vulnerability.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989
1
reference_url http://stackoverflow.com/a/15350123
reference_id
reference_type
scores
url http://stackoverflow.com/a/15350123
2
reference_url http://www.silverstripe.org/download/security-releases/ss-2016-006
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2016-006
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-7jm4-cjg3-rkcz
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-czh2-w6fk-xqd6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n1mj-u4yk-jqhn
20
vulnerability VCID-n4fk-735u-2baw
21
vulnerability VCID-nute-ndg2-z7ev
22
vulnerability VCID-pkve-yjqy-syc2
23
vulnerability VCID-qdwg-f2bx-1bay
24
vulnerability VCID-qmfy-dxag-uuex
25
vulnerability VCID-r1eg-dwej-5kau
26
vulnerability VCID-sg62-98yy-2kd7
27
vulnerability VCID-t81f-5b8z-hyht
28
vulnerability VCID-tv7h-289s-xub4
29
vulnerability VCID-umhc-fdfh-1fdx
30
vulnerability VCID-vatg-guxu-2ud7
31
vulnerability VCID-wgdv-etcq-3qhw
32
vulnerability VCID-xg74-3h1h-kqaf
33
vulnerability VCID-y6gd-vy49-17b4
34
vulnerability VCID-y8et-m846-2fc6
35
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-gkkp-9fm7-jfaz
14
vulnerability VCID-hcuz-gz3w-97ew
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n4fk-735u-2baw
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-pkve-yjqy-syc2
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-wgdv-etcq-3qhw
28
vulnerability VCID-xg74-3h1h-kqaf
29
vulnerability VCID-y8et-m846-2fc6
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-at1s-qxsg-5yfs
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-czh2-w6fk-xqd6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-gkkp-9fm7-jfaz
17
vulnerability VCID-hcuz-gz3w-97ew
18
vulnerability VCID-hnme-cqff-c7dp
19
vulnerability VCID-mkex-ht2r-cucz
20
vulnerability VCID-n1mj-u4yk-jqhn
21
vulnerability VCID-n4fk-735u-2baw
22
vulnerability VCID-nute-ndg2-z7ev
23
vulnerability VCID-pkve-yjqy-syc2
24
vulnerability VCID-qdwg-f2bx-1bay
25
vulnerability VCID-qmfy-dxag-uuex
26
vulnerability VCID-r1eg-dwej-5kau
27
vulnerability VCID-sg62-98yy-2kd7
28
vulnerability VCID-t81f-5b8z-hyht
29
vulnerability VCID-tv7h-289s-xub4
30
vulnerability VCID-umhc-fdfh-1fdx
31
vulnerability VCID-vatg-guxu-2ud7
32
vulnerability VCID-wgdv-etcq-3qhw
33
vulnerability VCID-xg74-3h1h-kqaf
34
vulnerability VCID-y6gd-vy49-17b4
35
vulnerability VCID-y8et-m846-2fc6
36
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-gkkp-9fm7-jfaz
14
vulnerability VCID-hcuz-gz3w-97ew
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n4fk-735u-2baw
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-pkve-yjqy-syc2
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-wgdv-etcq-3qhw
28
vulnerability VCID-xg74-3h1h-kqaf
29
vulnerability VCID-y8et-m846-2fc6
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-7jm4-cjg3-rkcz
9
vulnerability VCID-at1s-qxsg-5yfs
10
vulnerability VCID-b6nm-cphj-wfgw
11
vulnerability VCID-b95v-49p7-fkas
12
vulnerability VCID-c437-w2zy-y7c9
13
vulnerability VCID-c6bz-jwhm-vkgp
14
vulnerability VCID-cmwn-cjff-9qau
15
vulnerability VCID-czh2-w6fk-xqd6
16
vulnerability VCID-ewg1-jqza-eyez
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-hcuz-gz3w-97ew
19
vulnerability VCID-hnme-cqff-c7dp
20
vulnerability VCID-mkex-ht2r-cucz
21
vulnerability VCID-n1mj-u4yk-jqhn
22
vulnerability VCID-n4fk-735u-2baw
23
vulnerability VCID-nute-ndg2-z7ev
24
vulnerability VCID-pkve-yjqy-syc2
25
vulnerability VCID-qdwg-f2bx-1bay
26
vulnerability VCID-qmfy-dxag-uuex
27
vulnerability VCID-r1eg-dwej-5kau
28
vulnerability VCID-sg62-98yy-2kd7
29
vulnerability VCID-t81f-5b8z-hyht
30
vulnerability VCID-tv7h-289s-xub4
31
vulnerability VCID-umhc-fdfh-1fdx
32
vulnerability VCID-vatg-guxu-2ud7
33
vulnerability VCID-wgdv-etcq-3qhw
34
vulnerability VCID-xg74-3h1h-kqaf
35
vulnerability VCID-y6gd-vy49-17b4
36
vulnerability VCID-y8et-m846-2fc6
37
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-f4hv-79km-3ygt
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-pkve-yjqy-syc2
22
vulnerability VCID-qdwg-f2bx-1bay
23
vulnerability VCID-qmfy-dxag-uuex
24
vulnerability VCID-r1eg-dwej-5kau
25
vulnerability VCID-sg62-98yy-2kd7
26
vulnerability VCID-t81f-5b8z-hyht
27
vulnerability VCID-tv7h-289s-xub4
28
vulnerability VCID-umhc-fdfh-1fdx
29
vulnerability VCID-wgdv-etcq-3qhw
30
vulnerability VCID-xg74-3h1h-kqaf
31
vulnerability VCID-y8et-m846-2fc6
32
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2016-006
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5rs-qptc-vued
23
url VCID-mkex-ht2r-cucz
vulnerability_id VCID-mkex-ht2r-cucz
summary 
Files or Directories Accessible to External Parties
In SilverStripe, there is broken access control on files.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14273
reference_id
reference_type
scores
0
value 0.00336
scoring_system epss
scoring_elements 0.56702
published_at 2026-06-04T12:55:00Z
1
value 0.00336
scoring_system epss
scoring_elements 0.56754
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14273
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml
4
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14273
reference_id CVE-2019-14273
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14273
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-14273
reference_id CVE-2019-14273
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-14273
9
reference_url https://github.com/advisories/GHSA-43jj-2rwc-2m3f
reference_id GHSA-43jj-2rwc-2m3f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43jj-2rwc-2m3f
fixed_packages
0
url pkg:composer/silverstripe/framework@4.0.1-rc1
purl pkg:composer/silverstripe/framework@4.0.1-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-cmwn-cjff-9qau
5
vulnerability VCID-fmfu-81xu-pfdy
6
vulnerability VCID-hcuz-gz3w-97ew
7
vulnerability VCID-n4fk-735u-2baw
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-nzcm-xbxx-wyf9
10
vulnerability VCID-pkve-yjqy-syc2
11
vulnerability VCID-qmfy-dxag-uuex
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-ru3j-21j8-ayhm
14
vulnerability VCID-tv7h-289s-xub4
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xg74-3h1h-kqaf
17
vulnerability VCID-y8et-m846-2fc6
18
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1
1
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-cmwn-cjff-9qau
5
vulnerability VCID-fmfu-81xu-pfdy
6
vulnerability VCID-hcuz-gz3w-97ew
7
vulnerability VCID-n4fk-735u-2baw
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-nzcm-xbxx-wyf9
10
vulnerability VCID-pkve-yjqy-syc2
11
vulnerability VCID-qmfy-dxag-uuex
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-ru3j-21j8-ayhm
14
vulnerability VCID-tv7h-289s-xub4
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xg74-3h1h-kqaf
17
vulnerability VCID-y8et-m846-2fc6
18
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
2
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
4
vulnerability VCID-n4fk-735u-2baw
5
vulnerability VCID-pkve-yjqy-syc2
6
vulnerability VCID-qmfy-dxag-uuex
7
vulnerability VCID-ru3j-21j8-ayhm
8
vulnerability VCID-tv7h-289s-xub4
9
vulnerability VCID-wgdv-etcq-3qhw
10
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
3
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-5dt7-nc8t-nqgh
3
vulnerability VCID-fmfu-81xu-pfdy
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-n4fk-735u-2baw
6
vulnerability VCID-pkve-yjqy-syc2
7
vulnerability VCID-qmfy-dxag-uuex
8
vulnerability VCID-ru3j-21j8-ayhm
9
vulnerability VCID-tv7h-289s-xub4
10
vulnerability VCID-wgdv-etcq-3qhw
11
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-14273, GHSA-43jj-2rwc-2m3f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkex-ht2r-cucz
24
url VCID-n4fk-735u-2baw
vulnerability_id VCID-n4fk-735u-2baw
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
SilverStripe Framework suffers from a XSS vulnerablity.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36150
reference_id
reference_type
scores
0
value 0.00372
scoring_system epss
scoring_elements 0.5931
published_at 2026-06-05T12:55:00Z
1
value 0.00372
scoring_system epss
scoring_elements 0.5926
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36150
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/releases
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-36150
reference_id CVE-2021-36150
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-36150
5
reference_url https://www.silverstripe.org/download/security-releases/CVE-2021-36150
reference_id CVE-2021-36150
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2021-36150
6
reference_url https://github.com/advisories/GHSA-j66h-cc96-c32q
reference_id GHSA-j66h-cc96-c32q
reference_type
scores
url https://github.com/advisories/GHSA-j66h-cc96-c32q
fixed_packages
0
url pkg:composer/silverstripe/framework@4.9.0-alpha1
purl pkg:composer/silverstripe/framework@4.9.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0-alpha1
1
url pkg:composer/silverstripe/framework@4.9.0
purl pkg:composer/silverstripe/framework@4.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0
aliases CVE-2021-36150, GHSA-j66h-cc96-c32q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n4fk-735u-2baw
25
url VCID-nu3h-nb1g-67bs
vulnerability_id VCID-nu3h-nb1g-67bs
summary 
Improper Input Validation
`HtmlEditor` improper URL sanitisation.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2015-027/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2015-027/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.1
purl pkg:composer/silverstripe/framework@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-cqjc-tsv5-7beg
14
vulnerability VCID-ecy2-x3a9-qbbx
15
vulnerability VCID-evh4-xq48-4fa6
16
vulnerability VCID-ewg1-jqza-eyez
17
vulnerability VCID-ggbg-8mtc-hudc
18
vulnerability VCID-gkkp-9fm7-jfaz
19
vulnerability VCID-hcuz-gz3w-97ew
20
vulnerability VCID-heyh-s54f-8qap
21
vulnerability VCID-hnhv-qx7p-wqcw
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-m5rs-qptc-vued
24
vulnerability VCID-mkex-ht2r-cucz
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nute-ndg2-z7ev
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-q939-fszs-wfdp
29
vulnerability VCID-qdwg-f2bx-1bay
30
vulnerability VCID-qmfy-dxag-uuex
31
vulnerability VCID-r1eg-dwej-5kau
32
vulnerability VCID-rrmd-ud59-ffbp
33
vulnerability VCID-sg62-98yy-2kd7
34
vulnerability VCID-t81f-5b8z-hyht
35
vulnerability VCID-tv7h-289s-xub4
36
vulnerability VCID-umhc-fdfh-1fdx
37
vulnerability VCID-vatm-1vbd-bfam
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-y8et-m846-2fc6
41
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1
1
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-027-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nu3h-nb1g-67bs
26
url VCID-nute-ndg2-z7ev
vulnerability_id VCID-nute-ndg2-z7ev
summary 
Cross-site Scripting
SilverStripe has Flash Clipboard Reflected XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12205
reference_id
reference_type
scores
0
value 0.00378
scoring_system epss
scoring_elements 0.59631
published_at 2026-06-04T12:55:00Z
1
value 0.00378
scoring_system epss
scoring_elements 0.59681
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12205
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml
3
reference_url https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12205
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12205
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12205
reference_id CVE-2019-12205
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12205
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12205
reference_id CVE-2019-12205
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12205
9
reference_url https://github.com/advisories/GHSA-rfvw-5848-gxc5
reference_id GHSA-rfvw-5848-gxc5
reference_type
scores
url https://github.com/advisories/GHSA-rfvw-5848-gxc5
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
4
vulnerability VCID-n4fk-735u-2baw
5
vulnerability VCID-nzcm-xbxx-wyf9
6
vulnerability VCID-pkve-yjqy-syc2
7
vulnerability VCID-qmfy-dxag-uuex
8
vulnerability VCID-ru3j-21j8-ayhm
9
vulnerability VCID-tv7h-289s-xub4
10
vulnerability VCID-wgdv-etcq-3qhw
11
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
4
vulnerability VCID-n4fk-735u-2baw
5
vulnerability VCID-pkve-yjqy-syc2
6
vulnerability VCID-qmfy-dxag-uuex
7
vulnerability VCID-ru3j-21j8-ayhm
8
vulnerability VCID-tv7h-289s-xub4
9
vulnerability VCID-wgdv-etcq-3qhw
10
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
2
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-5dt7-nc8t-nqgh
3
vulnerability VCID-fmfu-81xu-pfdy
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-n4fk-735u-2baw
6
vulnerability VCID-pkve-yjqy-syc2
7
vulnerability VCID-qmfy-dxag-uuex
8
vulnerability VCID-ru3j-21j8-ayhm
9
vulnerability VCID-tv7h-289s-xub4
10
vulnerability VCID-wgdv-etcq-3qhw
11
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12205, GHSA-rfvw-5848-gxc5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nute-ndg2-z7ev
27
url VCID-pkve-yjqy-syc2
vulnerability_id VCID-pkve-yjqy-syc2
summary 
SilverStripe Web Cache Poisoning through HTTPRequestBuilder
SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19326
reference_id
reference_type
scores
0
value 0.00209
scoring_system epss
scoring_elements 0.43423
published_at 2026-06-05T12:55:00Z
1
value 0.00209
scoring_system epss
scoring_elements 0.4335
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19326
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a
5
reference_url https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19326
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19326
7
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-19326
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-19326
8
reference_url https://github.com/advisories/GHSA-q9ff-3q93-fm8m
reference_id GHSA-q9ff-3q93-fm8m
reference_type
scores
url https://github.com/advisories/GHSA-q9ff-3q93-fm8m
fixed_packages
0
url pkg:composer/silverstripe/framework@3.7.5
purl pkg:composer/silverstripe/framework@3.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-hcuz-gz3w-97ew
2
vulnerability VCID-n4fk-735u-2baw
3
vulnerability VCID-qmfy-dxag-uuex
4
vulnerability VCID-tv7h-289s-xub4
5
vulnerability VCID-wgdv-etcq-3qhw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5
1
url pkg:composer/silverstripe/framework@4.4.7
purl pkg:composer/silverstripe/framework@4.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
4
vulnerability VCID-n4fk-735u-2baw
5
vulnerability VCID-qmfy-dxag-uuex
6
vulnerability VCID-tv7h-289s-xub4
7
vulnerability VCID-wgdv-etcq-3qhw
8
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7
2
url pkg:composer/silverstripe/framework@4.5.4
purl pkg:composer/silverstripe/framework@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
4
vulnerability VCID-n4fk-735u-2baw
5
vulnerability VCID-qmfy-dxag-uuex
6
vulnerability VCID-tv7h-289s-xub4
7
vulnerability VCID-wgdv-etcq-3qhw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4
aliases CVE-2019-19326, GHSA-q9ff-3q93-fm8m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pkve-yjqy-syc2
28
url VCID-q939-fszs-wfdp
vulnerability_id VCID-q939-fszs-wfdp
summary 
CSRF vulnerability in savetreenodes
`savetreenode` action does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a
1
reference_url http://www.silverstripe.org/download/security-releases/ss-2015-029
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2015-029
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-7jm4-cjg3-rkcz
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-czh2-w6fk-xqd6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n1mj-u4yk-jqhn
20
vulnerability VCID-n4fk-735u-2baw
21
vulnerability VCID-nute-ndg2-z7ev
22
vulnerability VCID-pkve-yjqy-syc2
23
vulnerability VCID-qdwg-f2bx-1bay
24
vulnerability VCID-qmfy-dxag-uuex
25
vulnerability VCID-r1eg-dwej-5kau
26
vulnerability VCID-sg62-98yy-2kd7
27
vulnerability VCID-t81f-5b8z-hyht
28
vulnerability VCID-tv7h-289s-xub4
29
vulnerability VCID-umhc-fdfh-1fdx
30
vulnerability VCID-vatg-guxu-2ud7
31
vulnerability VCID-wgdv-etcq-3qhw
32
vulnerability VCID-xg74-3h1h-kqaf
33
vulnerability VCID-y6gd-vy49-17b4
34
vulnerability VCID-y8et-m846-2fc6
35
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-gkkp-9fm7-jfaz
14
vulnerability VCID-hcuz-gz3w-97ew
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n4fk-735u-2baw
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-pkve-yjqy-syc2
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-wgdv-etcq-3qhw
28
vulnerability VCID-xg74-3h1h-kqaf
29
vulnerability VCID-y8et-m846-2fc6
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-at1s-qxsg-5yfs
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-czh2-w6fk-xqd6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-gkkp-9fm7-jfaz
17
vulnerability VCID-hcuz-gz3w-97ew
18
vulnerability VCID-hnme-cqff-c7dp
19
vulnerability VCID-mkex-ht2r-cucz
20
vulnerability VCID-n1mj-u4yk-jqhn
21
vulnerability VCID-n4fk-735u-2baw
22
vulnerability VCID-nute-ndg2-z7ev
23
vulnerability VCID-pkve-yjqy-syc2
24
vulnerability VCID-qdwg-f2bx-1bay
25
vulnerability VCID-qmfy-dxag-uuex
26
vulnerability VCID-r1eg-dwej-5kau
27
vulnerability VCID-sg62-98yy-2kd7
28
vulnerability VCID-t81f-5b8z-hyht
29
vulnerability VCID-tv7h-289s-xub4
30
vulnerability VCID-umhc-fdfh-1fdx
31
vulnerability VCID-vatg-guxu-2ud7
32
vulnerability VCID-wgdv-etcq-3qhw
33
vulnerability VCID-xg74-3h1h-kqaf
34
vulnerability VCID-y6gd-vy49-17b4
35
vulnerability VCID-y8et-m846-2fc6
36
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-gkkp-9fm7-jfaz
14
vulnerability VCID-hcuz-gz3w-97ew
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n4fk-735u-2baw
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-pkve-yjqy-syc2
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-sg62-98yy-2kd7
24
vulnerability VCID-t81f-5b8z-hyht
25
vulnerability VCID-tv7h-289s-xub4
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-wgdv-etcq-3qhw
28
vulnerability VCID-xg74-3h1h-kqaf
29
vulnerability VCID-y8et-m846-2fc6
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4h4a-xgrk-d7ec
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-7jm4-cjg3-rkcz
9
vulnerability VCID-at1s-qxsg-5yfs
10
vulnerability VCID-b6nm-cphj-wfgw
11
vulnerability VCID-b95v-49p7-fkas
12
vulnerability VCID-c437-w2zy-y7c9
13
vulnerability VCID-c6bz-jwhm-vkgp
14
vulnerability VCID-cmwn-cjff-9qau
15
vulnerability VCID-czh2-w6fk-xqd6
16
vulnerability VCID-ewg1-jqza-eyez
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-hcuz-gz3w-97ew
19
vulnerability VCID-hnme-cqff-c7dp
20
vulnerability VCID-mkex-ht2r-cucz
21
vulnerability VCID-n1mj-u4yk-jqhn
22
vulnerability VCID-n4fk-735u-2baw
23
vulnerability VCID-nute-ndg2-z7ev
24
vulnerability VCID-pkve-yjqy-syc2
25
vulnerability VCID-qdwg-f2bx-1bay
26
vulnerability VCID-qmfy-dxag-uuex
27
vulnerability VCID-r1eg-dwej-5kau
28
vulnerability VCID-sg62-98yy-2kd7
29
vulnerability VCID-t81f-5b8z-hyht
30
vulnerability VCID-tv7h-289s-xub4
31
vulnerability VCID-umhc-fdfh-1fdx
32
vulnerability VCID-vatg-guxu-2ud7
33
vulnerability VCID-wgdv-etcq-3qhw
34
vulnerability VCID-xg74-3h1h-kqaf
35
vulnerability VCID-y6gd-vy49-17b4
36
vulnerability VCID-y8et-m846-2fc6
37
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3svb-wudn-aybz
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-f4hv-79km-3ygt
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-pkve-yjqy-syc2
22
vulnerability VCID-qdwg-f2bx-1bay
23
vulnerability VCID-qmfy-dxag-uuex
24
vulnerability VCID-r1eg-dwej-5kau
25
vulnerability VCID-sg62-98yy-2kd7
26
vulnerability VCID-t81f-5b8z-hyht
27
vulnerability VCID-tv7h-289s-xub4
28
vulnerability VCID-umhc-fdfh-1fdx
29
vulnerability VCID-wgdv-etcq-3qhw
30
vulnerability VCID-xg74-3h1h-kqaf
31
vulnerability VCID-y8et-m846-2fc6
32
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2015-029
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q939-fszs-wfdp
29
url VCID-qdwg-f2bx-1bay
vulnerability_id VCID-qdwg-f2bx-1bay
summary 
Injection Vulnerability
In the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18049
reference_id
reference_type
scores
0
value 0.00212
scoring_system epss
scoring_elements 0.43781
published_at 2026-06-05T12:55:00Z
1
value 0.00212
scoring_system epss
scoring_elements 0.43711
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18049
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://www.exploit-db.com/exploits/43396
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/43396
3
reference_url https://www.exploit-db.com/exploits/43396/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/43396/
4
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-007
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-007
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-18049
reference_id CVE-2017-18049
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-18049
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.6-rc1
purl pkg:composer/silverstripe/framework@3.5.6-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-cmwn-cjff-9qau
5
vulnerability VCID-hcuz-gz3w-97ew
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-n4fk-735u-2baw
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-pkve-yjqy-syc2
10
vulnerability VCID-qmfy-dxag-uuex
11
vulnerability VCID-r1eg-dwej-5kau
12
vulnerability VCID-tv7h-289s-xub4
13
vulnerability VCID-umhc-fdfh-1fdx
14
vulnerability VCID-wgdv-etcq-3qhw
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1
1
url pkg:composer/silverstripe/framework@3.5.6
purl pkg:composer/silverstripe/framework@3.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-cmwn-cjff-9qau
5
vulnerability VCID-hcuz-gz3w-97ew
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-n4fk-735u-2baw
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-pkve-yjqy-syc2
10
vulnerability VCID-qmfy-dxag-uuex
11
vulnerability VCID-r1eg-dwej-5kau
12
vulnerability VCID-tv7h-289s-xub4
13
vulnerability VCID-umhc-fdfh-1fdx
14
vulnerability VCID-wgdv-etcq-3qhw
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6
2
url pkg:composer/silverstripe/framework@3.6.3-rc2
purl pkg:composer/silverstripe/framework@3.6.3-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-cmwn-cjff-9qau
5
vulnerability VCID-hcuz-gz3w-97ew
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-n4fk-735u-2baw
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-pkve-yjqy-syc2
10
vulnerability VCID-qmfy-dxag-uuex
11
vulnerability VCID-r1eg-dwej-5kau
12
vulnerability VCID-tv7h-289s-xub4
13
vulnerability VCID-umhc-fdfh-1fdx
14
vulnerability VCID-wgdv-etcq-3qhw
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2
3
url pkg:composer/silverstripe/framework@3.6.3
purl pkg:composer/silverstripe/framework@3.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-cmwn-cjff-9qau
5
vulnerability VCID-hcuz-gz3w-97ew
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-n4fk-735u-2baw
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-pkve-yjqy-syc2
10
vulnerability VCID-qmfy-dxag-uuex
11
vulnerability VCID-r1eg-dwej-5kau
12
vulnerability VCID-tv7h-289s-xub4
13
vulnerability VCID-umhc-fdfh-1fdx
14
vulnerability VCID-wgdv-etcq-3qhw
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3
4
url pkg:composer/silverstripe/framework@4.0.1-rc1
purl pkg:composer/silverstripe/framework@4.0.1-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-cmwn-cjff-9qau
5
vulnerability VCID-fmfu-81xu-pfdy
6
vulnerability VCID-hcuz-gz3w-97ew
7
vulnerability VCID-n4fk-735u-2baw
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-nzcm-xbxx-wyf9
10
vulnerability VCID-pkve-yjqy-syc2
11
vulnerability VCID-qmfy-dxag-uuex
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-ru3j-21j8-ayhm
14
vulnerability VCID-tv7h-289s-xub4
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xg74-3h1h-kqaf
17
vulnerability VCID-y8et-m846-2fc6
18
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1
5
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-cmwn-cjff-9qau
5
vulnerability VCID-fmfu-81xu-pfdy
6
vulnerability VCID-hcuz-gz3w-97ew
7
vulnerability VCID-n4fk-735u-2baw
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-nzcm-xbxx-wyf9
10
vulnerability VCID-pkve-yjqy-syc2
11
vulnerability VCID-qmfy-dxag-uuex
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-ru3j-21j8-ayhm
14
vulnerability VCID-tv7h-289s-xub4
15
vulnerability VCID-wgdv-etcq-3qhw
16
vulnerability VCID-xg74-3h1h-kqaf
17
vulnerability VCID-y8et-m846-2fc6
18
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
aliases CVE-2017-18049, GHSA-2jvj-mhf2-g99w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdwg-f2bx-1bay
30
url VCID-qmfy-dxag-uuex
vulnerability_id VCID-qmfy-dxag-uuex
summary 
Improper Authentication
In SilverStripe, GraphQL does not honour MFA (multi-factor authentication) when using basic authentication.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26136
reference_id
reference_type
scores
0
value 0.00216
scoring_system epss
scoring_elements 0.44223
published_at 2026-06-05T12:55:00Z
1
value 0.00216
scoring_system epss
scoring_elements 0.44155
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26136
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml
3
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26136
reference_id CVE-2020-26136
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26136
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-26136
reference_id CVE-2020-26136
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2020-26136
8
reference_url https://github.com/advisories/GHSA-mg2g-8pwj-r2j2
reference_id GHSA-mg2g-8pwj-r2j2
reference_type
scores
url https://github.com/advisories/GHSA-mg2g-8pwj-r2j2
fixed_packages
0
url pkg:composer/silverstripe/framework@4.6.0
purl pkg:composer/silverstripe/framework@4.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
4
vulnerability VCID-n4fk-735u-2baw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0
aliases CVE-2020-26136, GHSA-mg2g-8pwj-r2j2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qmfy-dxag-uuex
31
url VCID-r1eg-dwej-5kau
vulnerability_id VCID-r1eg-dwej-5kau
summary 
Cross-Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12437
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.41982
published_at 2026-06-04T12:55:00Z
1
value 0.002
scoring_system epss
scoring_elements 0.42056
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12437
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml
3
reference_url https://github.com/silverstripe/silverstripe-graphql
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql
4
reference_url https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c
5
reference_url https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff
6
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
url https://www.silverstripe.org/blog/tag/release
7
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12437
reference_id CVE-2019-12437
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12437
9
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12437
reference_id CVE-2019-12437
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12437
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
4
vulnerability VCID-n4fk-735u-2baw
5
vulnerability VCID-nzcm-xbxx-wyf9
6
vulnerability VCID-pkve-yjqy-syc2
7
vulnerability VCID-qmfy-dxag-uuex
8
vulnerability VCID-ru3j-21j8-ayhm
9
vulnerability VCID-tv7h-289s-xub4
10
vulnerability VCID-wgdv-etcq-3qhw
11
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
aliases CVE-2019-12437, GHSA-fx37-56v6-85q6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1eg-dwej-5kau
32
url VCID-sfyd-qn7r-eqdg
vulnerability_id VCID-sfyd-qn7r-eqdg
summary 
Silverstripe CMS Open Redirect
Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.
references
0
reference_url http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt
1
reference_url http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5062
reference_id
reference_type
scores
0
value 0.00347
scoring_system epss
scoring_elements 0.57558
published_at 2026-06-04T12:55:00Z
1
value 0.00347
scoring_system epss
scoring_elements 0.57611
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5062
3
reference_url https://web.archive.org/web/20200228091958/http://www.securityfocus.com/bid/75419
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228091958/http://www.securityfocus.com/bid/75419
4
reference_url https://web.archive.org/web/20201209000421/http://www.securityfocus.com/archive/1/535716/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201209000421/http://www.securityfocus.com/archive/1/535716/100/0/threaded
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5062
reference_id CVE-2015-5062
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5062
6
reference_url https://github.com/advisories/GHSA-fh35-p8ph-p545
reference_id GHSA-fh35-p8ph-p545
reference_type
scores
url https://github.com/advisories/GHSA-fh35-p8ph-p545
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.14-rc1
purl pkg:composer/silverstripe/framework@3.1.14-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-4n9x-x4kd-jyfu
6
vulnerability VCID-7ek4-6y31-1qcs
7
vulnerability VCID-7hxq-cp29-r7dh
8
vulnerability VCID-at1s-qxsg-5yfs
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-b7xq-cz8w-ubgm
11
vulnerability VCID-b95v-49p7-fkas
12
vulnerability VCID-c437-w2zy-y7c9
13
vulnerability VCID-c6bz-jwhm-vkgp
14
vulnerability VCID-cmwn-cjff-9qau
15
vulnerability VCID-evh4-xq48-4fa6
16
vulnerability VCID-ewg1-jqza-eyez
17
vulnerability VCID-ggbg-8mtc-hudc
18
vulnerability VCID-gkkp-9fm7-jfaz
19
vulnerability VCID-h4k6-fruf-uqff
20
vulnerability VCID-hcuz-gz3w-97ew
21
vulnerability VCID-hnhv-qx7p-wqcw
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-m5rs-qptc-vued
24
vulnerability VCID-mkex-ht2r-cucz
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nu3h-nb1g-67bs
27
vulnerability VCID-nute-ndg2-z7ev
28
vulnerability VCID-pkve-yjqy-syc2
29
vulnerability VCID-q939-fszs-wfdp
30
vulnerability VCID-qdwg-f2bx-1bay
31
vulnerability VCID-qmfy-dxag-uuex
32
vulnerability VCID-r1eg-dwej-5kau
33
vulnerability VCID-rrmd-ud59-ffbp
34
vulnerability VCID-sg62-98yy-2kd7
35
vulnerability VCID-t81f-5b8z-hyht
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-twrb-6j51-aqcy
38
vulnerability VCID-umhc-fdfh-1fdx
39
vulnerability VCID-vatm-1vbd-bfam
40
vulnerability VCID-wgdv-etcq-3qhw
41
vulnerability VCID-xg74-3h1h-kqaf
42
vulnerability VCID-y8et-m846-2fc6
43
vulnerability VCID-yfuu-th6b-nba4
44
vulnerability VCID-z28b-1yrx-1bbn
45
vulnerability VCID-zckr-zxq4-jyev
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14-rc1
aliases CVE-2015-5062, GHSA-fh35-p8ph-p545
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sfyd-qn7r-eqdg
33
url VCID-sg62-98yy-2kd7
vulnerability_id VCID-sg62-98yy-2kd7
summary 
Incorrect Authorization
Default SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28661
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37842
published_at 2026-06-05T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.37751
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28661
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml
2
reference_url https://github.com/silverstripe/silverstripe-graphql
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql
3
reference_url https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed
4
reference_url https://github.com/silverstripe/silverstripe-graphql/releases
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/releases
5
reference_url https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28661
reference_id CVE-2021-28661
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28661
7
reference_url https://www.silverstripe.org/download/security-releases/CVE-2021-28661
reference_id CVE-2021-28661
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2021-28661
8
reference_url https://github.com/advisories/GHSA-r7rh-g777-g5gx
reference_id GHSA-r7rh-g777-g5gx
reference_type
scores
url https://github.com/advisories/GHSA-r7rh-g777-g5gx
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.2
purl pkg:composer/silverstripe/framework@3.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-hcuz-gz3w-97ew
8
vulnerability VCID-mkex-ht2r-cucz
9
vulnerability VCID-n4fk-735u-2baw
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-pkve-yjqy-syc2
12
vulnerability VCID-qdwg-f2bx-1bay
13
vulnerability VCID-qmfy-dxag-uuex
14
vulnerability VCID-r1eg-dwej-5kau
15
vulnerability VCID-tv7h-289s-xub4
16
vulnerability VCID-umhc-fdfh-1fdx
17
vulnerability VCID-wgdv-etcq-3qhw
18
vulnerability VCID-xg74-3h1h-kqaf
19
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2
aliases CVE-2021-28661, GHSA-r7rh-g777-g5gx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sg62-98yy-2kd7
34
url VCID-t81f-5b8z-hyht
vulnerability_id VCID-t81f-5b8z-hyht
summary 
XSS In page name
SilverStripe is vulnerable to XSS via the page name. For instance, page name `"><svg/onload=alert(/xss/)>` will trigger an XSS alert.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d
1
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-001/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2017-001/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.4.4-rc1
purl pkg:composer/silverstripe/framework@3.4.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-hcuz-gz3w-97ew
8
vulnerability VCID-mkex-ht2r-cucz
9
vulnerability VCID-n4fk-735u-2baw
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-pkve-yjqy-syc2
12
vulnerability VCID-qdwg-f2bx-1bay
13
vulnerability VCID-qmfy-dxag-uuex
14
vulnerability VCID-r1eg-dwej-5kau
15
vulnerability VCID-sg62-98yy-2kd7
16
vulnerability VCID-tv7h-289s-xub4
17
vulnerability VCID-umhc-fdfh-1fdx
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xg74-3h1h-kqaf
20
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1
1
url pkg:composer/silverstripe/framework@3.5.2-rc1
purl pkg:composer/silverstripe/framework@3.5.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-hcuz-gz3w-97ew
8
vulnerability VCID-mkex-ht2r-cucz
9
vulnerability VCID-n4fk-735u-2baw
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-pkve-yjqy-syc2
12
vulnerability VCID-qdwg-f2bx-1bay
13
vulnerability VCID-qmfy-dxag-uuex
14
vulnerability VCID-r1eg-dwej-5kau
15
vulnerability VCID-sg62-98yy-2kd7
16
vulnerability VCID-tv7h-289s-xub4
17
vulnerability VCID-umhc-fdfh-1fdx
18
vulnerability VCID-wgdv-etcq-3qhw
19
vulnerability VCID-xg74-3h1h-kqaf
20
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1
aliases SS-2017-001
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t81f-5b8z-hyht
35
url VCID-tv7h-289s-xub4
vulnerability_id VCID-tv7h-289s-xub4
summary 
Improper Restriction of XML External Entity Reference
SilverStripe has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25817
reference_id
reference_type
scores
0
value 0.00348
scoring_system epss
scoring_elements 0.5767
published_at 2026-06-05T12:55:00Z
1
value 0.00348
scoring_system epss
scoring_elements 0.57618
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25817
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2021-25817
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2021-25817
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25817
reference_id CVE-2020-25817
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25817
8
reference_url https://github.com/advisories/GHSA-3vjc-5x79-m9r8
reference_id GHSA-3vjc-5x79-m9r8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3vjc-5x79-m9r8
fixed_packages
0
url pkg:composer/silverstripe/framework@4.6.0
purl pkg:composer/silverstripe/framework@4.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
4
vulnerability VCID-n4fk-735u-2baw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0
1
url pkg:composer/silverstripe/framework@4.7.4
purl pkg:composer/silverstripe/framework@4.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
4
vulnerability VCID-n4fk-735u-2baw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4
aliases CVE-2020-25817, GHSA-3vjc-5x79-m9r8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tv7h-289s-xub4
36
url VCID-umhc-fdfh-1fdx
vulnerability_id VCID-umhc-fdfh-1fdx
summary 
Cross-site Scripting
In SilverStripe, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9311
reference_id
reference_type
scores
0
value 0.00343
scoring_system epss
scoring_elements 0.57206
published_at 2026-06-05T12:55:00Z
1
value 0.00343
scoring_system epss
scoring_elements 0.57155
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9311
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml
2
reference_url https://github.com/silverstripe/silverstripe-cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-cms
3
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-9311
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2020-9311
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9311
reference_id CVE-2020-9311
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9311
5
reference_url https://www.silverstripe.org/download/security-releases/CVE-2020-9311
reference_id CVE-2020-9311
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2020-9311
6
reference_url https://github.com/advisories/GHSA-2pw2-qpcp-m47x
reference_id GHSA-2pw2-qpcp-m47x
reference_type
scores
url https://github.com/advisories/GHSA-2pw2-qpcp-m47x
fixed_packages
0
url pkg:composer/silverstripe/framework@3.7.5
purl pkg:composer/silverstripe/framework@3.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-hcuz-gz3w-97ew
2
vulnerability VCID-n4fk-735u-2baw
3
vulnerability VCID-qmfy-dxag-uuex
4
vulnerability VCID-tv7h-289s-xub4
5
vulnerability VCID-wgdv-etcq-3qhw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5
aliases CVE-2020-9311, GHSA-2pw2-qpcp-m47x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-umhc-fdfh-1fdx
37
url VCID-wgdv-etcq-3qhw
vulnerability_id VCID-wgdv-etcq-3qhw
summary 
Improper Input Validation
In SilverStripe, a FormField with square brackets in the field name skips validation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26138
reference_id
reference_type
scores
0
value 0.00292
scoring_system epss
scoring_elements 0.52854
published_at 2026-06-04T12:55:00Z
1
value 0.00292
scoring_system epss
scoring_elements 0.52915
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26138
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml
3
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
url https://www.silverstripe.org/blog/tag/release
4
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26138
reference_id CVE-2020-26138
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26138
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-26138
reference_id CVE-2020-26138
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2020-26138
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-26138/
reference_id CVE-2020-26138
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2020-26138/
8
reference_url https://github.com/advisories/GHSA-7mv4-4xpg-xq44
reference_id GHSA-7mv4-4xpg-xq44
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7mv4-4xpg-xq44
fixed_packages
0
url pkg:composer/silverstripe/framework@4.6.0
purl pkg:composer/silverstripe/framework@4.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
4
vulnerability VCID-n4fk-735u-2baw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0
1
url pkg:composer/silverstripe/framework@4.7.4
purl pkg:composer/silverstripe/framework@4.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
4
vulnerability VCID-n4fk-735u-2baw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4
aliases CVE-2020-26138, GHSA-7mv4-4xpg-xq44
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wgdv-etcq-3qhw
38
url VCID-xg74-3h1h-kqaf
vulnerability_id VCID-xg74-3h1h-kqaf
summary 
Uncontrolled Resource Consumption
SilverStripe allows a Denial of Service on flush and development URL tools.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12246
reference_id
reference_type
scores
0
value 0.00156
scoring_system epss
scoring_elements 0.36088
published_at 2026-06-05T12:55:00Z
1
value 0.00156
scoring_system epss
scoring_elements 0.35994
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12246
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml
3
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab
5
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12246
reference_id CVE-2019-12246
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12246
8
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12246
reference_id CVE-2019-12246
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12246
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
4
vulnerability VCID-n4fk-735u-2baw
5
vulnerability VCID-nzcm-xbxx-wyf9
6
vulnerability VCID-pkve-yjqy-syc2
7
vulnerability VCID-qmfy-dxag-uuex
8
vulnerability VCID-ru3j-21j8-ayhm
9
vulnerability VCID-tv7h-289s-xub4
10
vulnerability VCID-wgdv-etcq-3qhw
11
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.4.0
purl pkg:composer/silverstripe/framework@4.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-5dt7-nc8t-nqgh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-cmwn-cjff-9qau
5
vulnerability VCID-fmfu-81xu-pfdy
6
vulnerability VCID-hcuz-gz3w-97ew
7
vulnerability VCID-mkex-ht2r-cucz
8
vulnerability VCID-n4fk-735u-2baw
9
vulnerability VCID-nzcm-xbxx-wyf9
10
vulnerability VCID-pkve-yjqy-syc2
11
vulnerability VCID-qmfy-dxag-uuex
12
vulnerability VCID-ru3j-21j8-ayhm
13
vulnerability VCID-tv7h-289s-xub4
14
vulnerability VCID-wgdv-etcq-3qhw
15
vulnerability VCID-y8et-m846-2fc6
16
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0
aliases CVE-2019-12246, GHSA-5fr8-xhqq-4p3q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xg74-3h1h-kqaf
39
url VCID-y8et-m846-2fc6
vulnerability_id VCID-y8et-m846-2fc6
summary 
Information Exposure
SilverStripe has incorrect access control for protected files uploaded via `Upload::loadIntoFile()`. An attacker may be able to guess a filename in `silverstripe/assets` via the `AssetControlExtension`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12245
reference_id
reference_type
scores
0
value 0.00255
scoring_system epss
scoring_elements 0.49005
published_at 2026-06-04T12:55:00Z
1
value 0.00255
scoring_system epss
scoring_elements 0.49066
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12245
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
3
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
4
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12245
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12245
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12245
reference_id CVE-2019-12245
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12245
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12245/
reference_id CVE-2019-12245
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-12245/
7
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12245
reference_id CVE-2019-12245
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12245
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml
reference_id CVE-2019-12245.YAML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml
9
reference_url https://github.com/advisories/GHSA-jvx5-rm6q-gx7p
reference_id GHSA-jvx5-rm6q-gx7p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jvx5-rm6q-gx7p
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.8
purl pkg:composer/silverstripe/framework@3.6.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-mkex-ht2r-cucz
6
vulnerability VCID-n4fk-735u-2baw
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-pkve-yjqy-syc2
9
vulnerability VCID-qmfy-dxag-uuex
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-tv7h-289s-xub4
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-wgdv-etcq-3qhw
14
vulnerability VCID-xg74-3h1h-kqaf
15
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8
1
url pkg:composer/silverstripe/framework@3.7.4
purl pkg:composer/silverstripe/framework@3.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-mkex-ht2r-cucz
6
vulnerability VCID-n4fk-735u-2baw
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-pkve-yjqy-syc2
9
vulnerability VCID-qmfy-dxag-uuex
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-tv7h-289s-xub4
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-wgdv-etcq-3qhw
14
vulnerability VCID-xg74-3h1h-kqaf
15
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4
2
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-fmfu-81xu-pfdy
3
vulnerability VCID-hcuz-gz3w-97ew
4
vulnerability VCID-n4fk-735u-2baw
5
vulnerability VCID-nzcm-xbxx-wyf9
6
vulnerability VCID-pkve-yjqy-syc2
7
vulnerability VCID-qmfy-dxag-uuex
8
vulnerability VCID-ru3j-21j8-ayhm
9
vulnerability VCID-tv7h-289s-xub4
10
vulnerability VCID-wgdv-etcq-3qhw
11
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
3
url pkg:composer/silverstripe/framework@4.3.6
purl pkg:composer/silverstripe/framework@4.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6
4
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-24a5-ruc4-bycq
2
vulnerability VCID-5dt7-nc8t-nqgh
3
vulnerability VCID-fmfu-81xu-pfdy
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-n4fk-735u-2baw
6
vulnerability VCID-pkve-yjqy-syc2
7
vulnerability VCID-qmfy-dxag-uuex
8
vulnerability VCID-ru3j-21j8-ayhm
9
vulnerability VCID-tv7h-289s-xub4
10
vulnerability VCID-wgdv-etcq-3qhw
11
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12245, GHSA-jvx5-rm6q-gx7p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8et-m846-2fc6
40
url VCID-yfuu-th6b-nba4
vulnerability_id VCID-yfuu-th6b-nba4
summary 
Cross-site Scripting
Form field validation message XSS vulnerability.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2015-026/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2015-026/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.1
purl pkg:composer/silverstripe/framework@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-1uhv-fetz-j7fd
3
vulnerability VCID-36z3-nafq-6kez
4
vulnerability VCID-3x46-q9cb-7ubg
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-cqjc-tsv5-7beg
14
vulnerability VCID-ecy2-x3a9-qbbx
15
vulnerability VCID-evh4-xq48-4fa6
16
vulnerability VCID-ewg1-jqza-eyez
17
vulnerability VCID-ggbg-8mtc-hudc
18
vulnerability VCID-gkkp-9fm7-jfaz
19
vulnerability VCID-hcuz-gz3w-97ew
20
vulnerability VCID-heyh-s54f-8qap
21
vulnerability VCID-hnhv-qx7p-wqcw
22
vulnerability VCID-hnme-cqff-c7dp
23
vulnerability VCID-m5rs-qptc-vued
24
vulnerability VCID-mkex-ht2r-cucz
25
vulnerability VCID-n4fk-735u-2baw
26
vulnerability VCID-nute-ndg2-z7ev
27
vulnerability VCID-pkve-yjqy-syc2
28
vulnerability VCID-q939-fszs-wfdp
29
vulnerability VCID-qdwg-f2bx-1bay
30
vulnerability VCID-qmfy-dxag-uuex
31
vulnerability VCID-r1eg-dwej-5kau
32
vulnerability VCID-rrmd-ud59-ffbp
33
vulnerability VCID-sg62-98yy-2kd7
34
vulnerability VCID-t81f-5b8z-hyht
35
vulnerability VCID-tv7h-289s-xub4
36
vulnerability VCID-umhc-fdfh-1fdx
37
vulnerability VCID-vatm-1vbd-bfam
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-y8et-m846-2fc6
41
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1
1
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-026-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yfuu-th6b-nba4
41
url VCID-z28b-1yrx-1bbn
vulnerability_id VCID-z28b-1yrx-1bbn
summary 
Password encryption salt expiry
When a user changes their password, the internal salt used for hashing their password is not updated.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-008/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-008/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-b6nm-cphj-wfgw
6
vulnerability VCID-b95v-49p7-fkas
7
vulnerability VCID-c6bz-jwhm-vkgp
8
vulnerability VCID-cmwn-cjff-9qau
9
vulnerability VCID-hcuz-gz3w-97ew
10
vulnerability VCID-hnme-cqff-c7dp
11
vulnerability VCID-mkex-ht2r-cucz
12
vulnerability VCID-n4fk-735u-2baw
13
vulnerability VCID-nute-ndg2-z7ev
14
vulnerability VCID-pkve-yjqy-syc2
15
vulnerability VCID-qdwg-f2bx-1bay
16
vulnerability VCID-qmfy-dxag-uuex
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-sg62-98yy-2kd7
19
vulnerability VCID-t81f-5b8z-hyht
20
vulnerability VCID-tv7h-289s-xub4
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-wgdv-etcq-3qhw
23
vulnerability VCID-xg74-3h1h-kqaf
24
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1p79-328x-sueq
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-hcuz-gz3w-97ew
5
vulnerability VCID-mkex-ht2r-cucz
6
vulnerability VCID-n4fk-735u-2baw
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-qmfy-dxag-uuex
9
vulnerability VCID-r1eg-dwej-5kau
10
vulnerability VCID-tv7h-289s-xub4
11
vulnerability VCID-wgdv-etcq-3qhw
12
vulnerability VCID-xg74-3h1h-kqaf
13
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-008
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z28b-1yrx-1bbn
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta3