Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/silverstripe/framework@3.0.0

Type composer

Namespace silverstripe

Name framework

Version 3.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.3.23

Latest_non_vulnerable_version 6.0.0-alpha1

Affected_by_vulnerabilities

url VCID-2f9j-ek3x-kbc5

vulnerability_id VCID-2f9j-ek3x-kbc5

summary

Silverstripe CMS XSS Vulnerability
In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-9311

reference_id

reference_type

scores

value	0.00343
scoring_system	epss
scoring_elements	0.56878
published_at	2026-04-29T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56914
published_at	2026-04-07T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56966
published_at	2026-04-08T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56969
published_at	2026-04-09T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56977
published_at	2026-04-11T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56957
published_at	2026-04-12T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56934
published_at	2026-04-13T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56963
published_at	2026-04-16T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.5696
published_at	2026-04-18T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56937
published_at	2026-04-21T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56877
published_at	2026-04-24T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56895
published_at	2026-04-26T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56823
published_at	2026-04-01T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56917
published_at	2026-04-02T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56939
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-9311

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml

reference_url

https://github.com/silverstripe/silverstripe-cms

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-cms

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-9311

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-9311

reference_url

https://www.silverstripe.org/download/security-releases/cve-2020-9311

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2020-9311

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2020-9311

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2020-9311

reference_url	https://www.silverstripe.org/download/security-releases/cve-2020-9311/
reference_id	CVE-2020-9311
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/cve-2020-9311/

reference_url

https://github.com/advisories/GHSA-2pw2-qpcp-m47x

reference_id

GHSA-2pw2-qpcp-m47x

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2pw2-qpcp-m47x

fixed_packages

url pkg:composer/silverstripe/framework@3.7.5

purl pkg:composer/silverstripe/framework@3.7.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5

aliases CVE-2020-9311, GHSA-2pw2-qpcp-m47x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2f9j-ek3x-kbc5

url VCID-414d-7bfm-kud7

vulnerability_id VCID-414d-7bfm-kud7

summary

Incorrect Authorization
Default SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-28661

reference_id

reference_type

scores

value	0.00169
scoring_system	epss
scoring_elements	0.38154
published_at	2026-04-02T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.37692
published_at	2026-04-29T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.37786
published_at	2026-04-26T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.37809
published_at	2026-04-24T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38024
published_at	2026-04-21T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38087
published_at	2026-04-18T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38107
published_at	2026-04-16T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38062
published_at	2026-04-13T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38086
published_at	2026-04-12T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38123
published_at	2026-04-11T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38105
published_at	2026-04-09T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38097
published_at	2026-04-08T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38047
published_at	2026-04-07T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38176
published_at	2026-04-04T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.37972
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-28661

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml

reference_url

https://github.com/silverstripe/silverstripe-graphql

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-graphql

reference_url

https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed

reference_url

https://github.com/silverstripe/silverstripe-graphql/releases

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-graphql/releases

reference_url

https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-28661

reference_id

CVE-2021-28661

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-28661

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2021-28661

reference_id

CVE-2021-28661

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2021-28661

reference_url

https://github.com/advisories/GHSA-r7rh-g777-g5gx

reference_id

GHSA-r7rh-g777-g5gx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r7rh-g777-g5gx

fixed_packages

url pkg:composer/silverstripe/framework@3.5.2

purl pkg:composer/silverstripe/framework@3.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-3ydp-barm-5ya1

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-71cx-seqr-3fh5

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-ete7-tupf-63c9

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-g3kz-796v-4qf1

vulnerability	VCID-j9tk-b3hv-q3c1

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-kh99-kpkt-pqdq

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tzmx-hfk2-7ufr

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-v116-gayp-mbfu

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2

aliases CVE-2021-28661, GHSA-r7rh-g777-g5gx

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-414d-7bfm-kud7

url VCID-4x32-t75c-u3bj

vulnerability_id VCID-4x32-t75c-u3bj

summary

Silverstipe CMS Stored XSS in custom meta tags
A malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut.
This requires CMS access to exploit.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-37421

reference_id

reference_type

scores

value	0.00322
scoring_system	epss
scoring_elements	0.5521
published_at	2026-04-07T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55183
published_at	2026-04-29T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55211
published_at	2026-04-26T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.5519
published_at	2026-04-24T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55253
published_at	2026-04-21T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55232
published_at	2026-04-04T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55275
published_at	2026-04-18T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55271
published_at	2026-04-16T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55233
published_at	2026-04-13T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55251
published_at	2026-04-12T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55272
published_at	2026-04-11T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.5526
published_at	2026-04-09T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55259
published_at	2026-04-08T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55208
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-37421

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/

url

https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-37421

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-37421

reference_url

https://www.silverstripe.org/blog/tag/release

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/

url

https://www.silverstripe.org/blog/tag/release

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url

https://www.silverstripe.org/download/security-releases/

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/

url

https://www.silverstripe.org/download/security-releases/

reference_url

https://www.silverstripe.org/download/security-releases/cve-2022-37421

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2022-37421

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2022-37421

reference_id

CVE-2022-37421

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/

url

https://www.silverstripe.org/download/security-releases/CVE-2022-37421

reference_url

https://github.com/advisories/GHSA-pp74-g2q5-j4jf

reference_id

GHSA-pp74-g2q5-j4jf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pp74-g2q5-j4jf

fixed_packages

url pkg:composer/silverstripe/framework@4.11.3

purl pkg:composer/silverstripe/framework@4.11.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.3

aliases CVE-2022-37421, GHSA-pp74-g2q5-j4jf, GMS-2022-6855

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4x32-t75c-u3bj

url VCID-5pkg-j4wg-7fcn

vulnerability_id VCID-5pkg-j4wg-7fcn

summary

Improper Input Validation
Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.

references

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml

reference_id

reference_type

scores

value	0.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml

reference_url

https://github.com/github/advisory-database/pull/2575

reference_id

reference_type

scores

value	0.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/github/advisory-database/pull/2575

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	0.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4

reference_id

reference_type

scores

value	0.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4

reference_url

https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14

reference_id

reference_type

scores

value	0.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14

reference_url

https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13

reference_id

reference_type

scores

value	0.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2023-32302

reference_id

reference_type

scores

value	0.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2023-32302

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-32302

reference_id

CVE-2023-32302

reference_type

scores

value	0.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-32302

reference_url

https://github.com/advisories/GHSA-36xx-7vf6-7mv3

reference_id

GHSA-36xx-7vf6-7mv3

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-36xx-7vf6-7mv3

reference_url

https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3

reference_id

GHSA-36xx-7vf6-7mv3

reference_type

scores

value	0.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3

fixed_packages

url pkg:composer/silverstripe/framework@4.13.14

purl pkg:composer/silverstripe/framework@4.13.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.14

url pkg:composer/silverstripe/framework@5.0.13

purl pkg:composer/silverstripe/framework@5.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.0.13

aliases CVE-2023-32302, GHSA-36xx-7vf6-7mv3

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5pkg-j4wg-7fcn

url VCID-a9qn-hsax-uke7

vulnerability_id VCID-a9qn-hsax-uke7

summary

URL Redirection to Untrusted Site (Open Redirect)
External redirection risk in `Security?ReturnURL`.

references

reference_url	https://www.silverstripe.org/software/download/security-releases/ss-2015-012/
reference_id
reference_type
scores
url	https://www.silverstripe.org/software/download/security-releases/ss-2015-012/

fixed_packages

url pkg:composer/silverstripe/framework@3.0.14

purl pkg:composer/silverstripe/framework@3.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-3pwx-7wzy-qbdw

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cc1b-b6sm-zbcw

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dq8q-6agw-g3d5

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fff2-h9gn-9qhu

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pg9r-huax-rqfv

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-sm51-m1g2-47dz

vulnerability	VCID-t17w-gcwe-eue4

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ur9h-h6mw-fbdh

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zu16-xznb-s3c7

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14

url pkg:composer/silverstripe/framework@3.1.0-beta1

purl pkg:composer/silverstripe/framework@3.1.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-3pwx-7wzy-qbdw

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cc1b-b6sm-zbcw

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dq8q-6agw-g3d5

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fff2-h9gn-9qhu

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pg9r-huax-rqfv

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-sm51-m1g2-47dz

vulnerability	VCID-t17w-gcwe-eue4

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ur9h-h6mw-fbdh

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zu16-xznb-s3c7

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1

url pkg:composer/silverstripe/framework@3.1.13-rc1

purl pkg:composer/silverstripe/framework@3.1.13-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-3pwx-7wzy-qbdw

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5k79-mfyz-xqhu

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cc1b-b6sm-zbcw

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-cg3k-vmk4-5kdb

vulnerability	VCID-cq8a-jun5-q3hh

vulnerability	VCID-dg5e-tkef-buab

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dq8q-6agw-g3d5

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-ehd6-y3gw-fufu

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fff2-h9gn-9qhu

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gw2k-419z-t7h5

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-kqk7-mdnd-hfc7

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pg9r-huax-rqfv

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-sm51-m1g2-47dz

vulnerability	VCID-sr5y-b8d8-3yd6

vulnerability	VCID-t17w-gcwe-eue4

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u2yt-tvtw-f3d6

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ur9h-h6mw-fbdh

vulnerability	VCID-v4g3-knhd-wqa7

vulnerability	VCID-w7x4-tung-wyae

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-yuu2-set7-fuet

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zr7a-tdxv-rqff

vulnerability	VCID-zr8u-z3r4-cbct

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13-rc1

url pkg:composer/silverstripe/framework@3.1.13

purl pkg:composer/silverstripe/framework@3.1.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-3pwx-7wzy-qbdw

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5k79-mfyz-xqhu

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cc1b-b6sm-zbcw

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-cg3k-vmk4-5kdb

vulnerability	VCID-dg5e-tkef-buab

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dq8q-6agw-g3d5

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-ehd6-y3gw-fufu

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fff2-h9gn-9qhu

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-kqk7-mdnd-hfc7

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pg9r-huax-rqfv

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-sm51-m1g2-47dz

vulnerability	VCID-t17w-gcwe-eue4

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ur9h-h6mw-fbdh

vulnerability	VCID-w7x4-tung-wyae

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zr7a-tdxv-rqff

vulnerability	VCID-zr8u-z3r4-cbct

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13

aliases SS-2015-012-1

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a9qn-hsax-uke7

url VCID-cc1b-b6sm-zbcw

vulnerability_id VCID-cc1b-b6sm-zbcw

summary

Silverstripe Form field validation message XSS vulnerability
A high level XSS risk has been identified in the encoding of validation messages in certain FormField classes.

Certain fields such as the NumericField and DropdownField have been identified, but any form field which presents any invalid content as a part of its validation response will be at risk.

references

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-026-1.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-026-1.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/245e0aae2f5f3eb0acba1d198ad8e196bb224462

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/245e0aae2f5f3eb0acba1d198ad8e196bb224462

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/bc1b2893accba6401c03f9ea3b0cbc4621c7a02c

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/bc1b2893accba6401c03f9ea3b0cbc4621c7a02c

reference_url

https://www.silverstripe.org/download/security-releases/ss-2015-026

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/ss-2015-026

reference_url

https://github.com/advisories/GHSA-j982-5jv7-v43r

reference_id

GHSA-j982-5jv7-v43r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j982-5jv7-v43r

fixed_packages

url pkg:composer/silverstripe/framework@3.1.16

purl pkg:composer/silverstripe/framework@3.1.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5k79-mfyz-xqhu

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-cg3k-vmk4-5kdb

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-kqk7-mdnd-hfc7

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-t17w-gcwe-eue4

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zr7a-tdxv-rqff

vulnerability	VCID-zr8u-z3r4-cbct

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.16

url pkg:composer/silverstripe/framework@3.2.1

purl pkg:composer/silverstripe/framework@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5k79-mfyz-xqhu

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-cg3k-vmk4-5kdb

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zr7a-tdxv-rqff

vulnerability	VCID-zr8u-z3r4-cbct

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1

aliases GHSA-j982-5jv7-v43r

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cc1b-b6sm-zbcw

url VCID-cq8a-jun5-q3hh

vulnerability_id VCID-cq8a-jun5-q3hh

summary Potential SQL Injection Vulnerability in silverstripe.

references

reference_url	https://www.silverstripe.org/software/download/security-releases/ss-2015-011/
reference_id
reference_type
scores
url	https://www.silverstripe.org/software/download/security-releases/ss-2015-011/

fixed_packages

url pkg:composer/silverstripe/framework@3.0.14

purl pkg:composer/silverstripe/framework@3.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-3pwx-7wzy-qbdw

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cc1b-b6sm-zbcw

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dq8q-6agw-g3d5

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fff2-h9gn-9qhu

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pg9r-huax-rqfv

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-sm51-m1g2-47dz

vulnerability	VCID-t17w-gcwe-eue4

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ur9h-h6mw-fbdh

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zu16-xznb-s3c7

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14

url pkg:composer/silverstripe/framework@3.1.0-beta1

purl pkg:composer/silverstripe/framework@3.1.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-3pwx-7wzy-qbdw

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cc1b-b6sm-zbcw

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dq8q-6agw-g3d5

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fff2-h9gn-9qhu

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pg9r-huax-rqfv

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-sm51-m1g2-47dz

vulnerability	VCID-t17w-gcwe-eue4

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ur9h-h6mw-fbdh

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zu16-xznb-s3c7

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1

url pkg:composer/silverstripe/framework@3.1.13

purl pkg:composer/silverstripe/framework@3.1.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-3pwx-7wzy-qbdw

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5k79-mfyz-xqhu

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cc1b-b6sm-zbcw

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-cg3k-vmk4-5kdb

vulnerability	VCID-dg5e-tkef-buab

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dq8q-6agw-g3d5

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-ehd6-y3gw-fufu

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fff2-h9gn-9qhu

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-kqk7-mdnd-hfc7

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pg9r-huax-rqfv

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-sm51-m1g2-47dz

vulnerability	VCID-t17w-gcwe-eue4

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ur9h-h6mw-fbdh

vulnerability	VCID-w7x4-tung-wyae

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zr7a-tdxv-rqff

vulnerability	VCID-zr8u-z3r4-cbct

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13

url pkg:composer/silverstripe/framework@4.12.0-rc1

purl pkg:composer/silverstripe/framework@4.12.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1

aliases SS-2015-011-1

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cq8a-jun5-q3hh

url VCID-dq8q-6agw-g3d5

vulnerability_id VCID-dq8q-6agw-g3d5

summary

Improper Input Validation
`HtmlEditor` improper URL sanitisation.

references

reference_url	https://www.silverstripe.org/download/security-releases/ss-2015-027/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/ss-2015-027/

fixed_packages

url pkg:composer/silverstripe/framework@3.2.1

purl pkg:composer/silverstripe/framework@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5k79-mfyz-xqhu

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-cg3k-vmk4-5kdb

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zr7a-tdxv-rqff

vulnerability	VCID-zr8u-z3r4-cbct

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1

url pkg:composer/silverstripe/framework@4.12.0-rc1

purl pkg:composer/silverstripe/framework@4.12.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1

aliases SS-2015-027-1

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dq8q-6agw-g3d5

url VCID-enkd-4y44-4ueq

vulnerability_id VCID-enkd-4y44-4ueq

summary

FormField with square brackets in field name skips validation
FileField with array notation skips validation

The FileField class is commonly used for file upload in custom code on a Silverstripe website. This field is designed to be used with a single file upload.

PHP allows for submitting multiple values by adding square brackets to the field name. When this is done to a FileField, it will be coerced into allowing multiple files by using this notation. This is not a supported feature, though nothing is done to prevent this.

In this scenario, validation such as limiting allowed extensions is not applied, and the FileField->saveInto() behaviour is not triggered. If custom controller logic is used to process the file uploads, it might implicitly rely on validation to be provided by the Form system, which is not the case.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-26138

reference_id

reference_type

scores

value	0.00292
scoring_system	epss
scoring_elements	0.52553
published_at	2026-04-29T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52629
published_at	2026-04-21T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52612
published_at	2026-04-12T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52598
published_at	2026-04-13T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52636
published_at	2026-04-16T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52643
published_at	2026-04-18T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52579
published_at	2026-04-24T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.5259
published_at	2026-04-26T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52493
published_at	2026-04-01T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52539
published_at	2026-04-02T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52566
published_at	2026-04-04T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52532
published_at	2026-04-07T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52584
published_at	2026-04-08T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52578
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-26138

reference_url	https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
url	https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-26138

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-26138

reference_url	https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
url	https://www.silverstripe.org/blog/tag/release

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://www.silverstripe.org/download/security-releases/cve-2020-26138

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2020-26138

reference_url	https://www.silverstripe.org/download/security-releases/cve-2020-26138/
reference_id	CVE-2020-26138
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/cve-2020-26138/

reference_url

https://github.com/advisories/GHSA-7mv4-4xpg-xq44

reference_id

GHSA-7mv4-4xpg-xq44

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7mv4-4xpg-xq44

fixed_packages

url pkg:composer/silverstripe/framework@4.6.0

purl pkg:composer/silverstripe/framework@4.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0

url pkg:composer/silverstripe/framework@4.7.4

purl pkg:composer/silverstripe/framework@4.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4

aliases CVE-2020-26138, GHSA-7mv4-4xpg-xq44

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-enkd-4y44-4ueq

url VCID-fyxa-vzeq-ubeq

vulnerability_id VCID-fyxa-vzeq-ubeq

summary

SilverStripe Web Cache Poisoning through HTTPRequestBuilder
SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19326

reference_id

reference_type

scores

value	0.00209
scoring_system	epss
scoring_elements	0.43201
published_at	2026-04-29T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.433
published_at	2026-04-01T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43357
published_at	2026-04-02T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43384
published_at	2026-04-04T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43322
published_at	2026-04-07T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43374
published_at	2026-04-08T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43389
published_at	2026-04-09T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43409
published_at	2026-04-11T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43377
published_at	2026-04-12T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43362
published_at	2026-04-13T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43421
published_at	2026-04-16T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.4341
published_at	2026-04-18T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43344
published_at	2026-04-21T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43277
published_at	2026-04-24T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43279
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19326

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-19326

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-19326

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2019-19326

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2019-19326

reference_url

https://github.com/advisories/GHSA-q9ff-3q93-fm8m

reference_id

GHSA-q9ff-3q93-fm8m

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q9ff-3q93-fm8m

fixed_packages

url pkg:composer/silverstripe/framework@3.7.5

purl pkg:composer/silverstripe/framework@3.7.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5

url pkg:composer/silverstripe/framework@4.4.7

purl pkg:composer/silverstripe/framework@4.4.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7

url pkg:composer/silverstripe/framework@4.5.4

purl pkg:composer/silverstripe/framework@4.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4

aliases CVE-2019-19326, GHSA-q9ff-3q93-fm8m

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fyxa-vzeq-ubeq

url VCID-gw2k-419z-t7h5

vulnerability_id VCID-gw2k-419z-t7h5

summary

Code Injection
Vulnerability on `isDev`, `isTest` and `flush` `$_GET` validation.

references

reference_url	https://www.silverstripe.org/software/download/security-releases/ss-2015-014/
reference_id
reference_type
scores
url	https://www.silverstripe.org/software/download/security-releases/ss-2015-014/

fixed_packages

url pkg:composer/silverstripe/framework@3.0.14

purl pkg:composer/silverstripe/framework@3.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-3pwx-7wzy-qbdw

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cc1b-b6sm-zbcw

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dq8q-6agw-g3d5

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fff2-h9gn-9qhu

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pg9r-huax-rqfv

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-sm51-m1g2-47dz

vulnerability	VCID-t17w-gcwe-eue4

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ur9h-h6mw-fbdh

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zu16-xznb-s3c7

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14

url pkg:composer/silverstripe/framework@3.1.0-beta1

purl pkg:composer/silverstripe/framework@3.1.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-3pwx-7wzy-qbdw

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cc1b-b6sm-zbcw

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dq8q-6agw-g3d5

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fff2-h9gn-9qhu

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pg9r-huax-rqfv

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-sm51-m1g2-47dz

vulnerability	VCID-t17w-gcwe-eue4

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ur9h-h6mw-fbdh

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zu16-xznb-s3c7

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1

url pkg:composer/silverstripe/framework@3.1.13

purl pkg:composer/silverstripe/framework@3.1.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-3pwx-7wzy-qbdw

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5k79-mfyz-xqhu

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cc1b-b6sm-zbcw

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-cg3k-vmk4-5kdb

vulnerability	VCID-dg5e-tkef-buab

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dq8q-6agw-g3d5

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-ehd6-y3gw-fufu

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fff2-h9gn-9qhu

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-kqk7-mdnd-hfc7

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pg9r-huax-rqfv

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-sm51-m1g2-47dz

vulnerability	VCID-t17w-gcwe-eue4

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ur9h-h6mw-fbdh

vulnerability	VCID-w7x4-tung-wyae

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zr7a-tdxv-rqff

vulnerability	VCID-zr8u-z3r4-cbct

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13

url pkg:composer/silverstripe/framework@4.12.0-rc1

purl pkg:composer/silverstripe/framework@4.12.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1

aliases SS-2015-014-1

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gw2k-419z-t7h5

url VCID-kvfs-x2wd-p3h3

vulnerability_id VCID-kvfs-x2wd-p3h3

summary

IE requests issue
IE requests not properly behaving with `rewritehashlinks`.

references

reference_url	https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/
reference_id
reference_type
scores
url	https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/

fixed_packages

url pkg:composer/silverstripe/framework@3.0.13

purl pkg:composer/silverstripe/framework@3.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-3pwx-7wzy-qbdw

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-a9qn-hsax-uke7

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cc1b-b6sm-zbcw

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-cq8a-jun5-q3hh

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dq8q-6agw-g3d5

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fff2-h9gn-9qhu

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gw2k-419z-t7h5

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pg9r-huax-rqfv

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-sm51-m1g2-47dz

vulnerability	VCID-t17w-gcwe-eue4

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u2yt-tvtw-f3d6

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ur9h-h6mw-fbdh

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-yuu2-set7-fuet

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zu16-xznb-s3c7

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.13

url pkg:composer/silverstripe/framework@3.1.0-beta1

purl pkg:composer/silverstripe/framework@3.1.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-3pwx-7wzy-qbdw

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cc1b-b6sm-zbcw

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dq8q-6agw-g3d5

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fff2-h9gn-9qhu

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pg9r-huax-rqfv

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-sm51-m1g2-47dz

vulnerability	VCID-t17w-gcwe-eue4

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ur9h-h6mw-fbdh

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zu16-xznb-s3c7

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1

url pkg:composer/silverstripe/framework@3.1.12

purl pkg:composer/silverstripe/framework@3.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-3pwx-7wzy-qbdw

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5k79-mfyz-xqhu

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-a9qn-hsax-uke7

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cc1b-b6sm-zbcw

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-cg3k-vmk4-5kdb

vulnerability	VCID-cq8a-jun5-q3hh

vulnerability	VCID-dg5e-tkef-buab

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dq8q-6agw-g3d5

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-ehd6-y3gw-fufu

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fff2-h9gn-9qhu

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gw2k-419z-t7h5

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-kqk7-mdnd-hfc7

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pg9r-huax-rqfv

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-sm51-m1g2-47dz

vulnerability	VCID-sr5y-b8d8-3yd6

vulnerability	VCID-t17w-gcwe-eue4

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u2yt-tvtw-f3d6

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ur9h-h6mw-fbdh

vulnerability	VCID-v4g3-knhd-wqa7

vulnerability	VCID-w7x4-tung-wyae

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-yuu2-set7-fuet

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zr7a-tdxv-rqff

vulnerability	VCID-zr8u-z3r4-cbct

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12

url pkg:composer/silverstripe/framework@4.12.0-rc1

purl pkg:composer/silverstripe/framework@4.12.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1

aliases SS-2014-015-1

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kvfs-x2wd-p3h3

url VCID-p2kq-rkh6-ayeu

vulnerability_id VCID-p2kq-rkh6-ayeu

summary SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5715

reference_id

reference_type

scores

value	0.00322
scoring_system	epss
scoring_elements	0.55283
published_at	2026-04-04T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55237
published_at	2026-04-29T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55244
published_at	2026-04-24T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55307
published_at	2026-04-21T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55329
published_at	2026-04-18T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55324
published_at	2026-04-16T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55316
published_at	2026-04-09T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55315
published_at	2026-04-08T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.5526
published_at	2026-04-02T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55264
published_at	2026-04-26T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55286
published_at	2026-04-13T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55305
published_at	2026-04-12T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55327
published_at	2026-04-11T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.5516
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5715

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://github.com/silverstripe/silverstripe-framework/issues/8814

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/issues/8814

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-5715

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-5715

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://www.silverstripe.org/download/security-releases/ss-2018-021

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/ss-2018-021

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe::::::::
reference_id	cpe:2.3:a:silverstripe:silverstripe::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:4.3.0:::::::*
reference_id	cpe:2.3:a:silverstripe:silverstripe:4.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:4.3.0:::::::*

reference_url

https://github.com/advisories/GHSA-wvfw-w3x6-g526

reference_id

GHSA-wvfw-w3x6-g526

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wvfw-w3x6-g526

fixed_packages

url pkg:composer/silverstripe/framework@3.6.7

purl pkg:composer/silverstripe/framework@3.6.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-pffp-vtk7-pqby

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7

url pkg:composer/silverstripe/framework@3.7.3

purl pkg:composer/silverstripe/framework@3.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3

url pkg:composer/silverstripe/framework@4.0.7

purl pkg:composer/silverstripe/framework@4.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-dc9y-v257-6bhf

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-m8w1-g9h9-vuce

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7

url pkg:composer/silverstripe/framework@4.1.5

purl pkg:composer/silverstripe/framework@4.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-658d-vmwt-f7e8

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-dc9y-v257-6bhf

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-m8w1-g9h9-vuce

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5

url pkg:composer/silverstripe/framework@4.2.4

purl pkg:composer/silverstripe/framework@4.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-658d-vmwt-f7e8

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-dc9y-v257-6bhf

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-m8w1-g9h9-vuce

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4

url pkg:composer/silverstripe/framework@4.3.1

purl pkg:composer/silverstripe/framework@4.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-658d-vmwt-f7e8

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-dc9y-v257-6bhf

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-m8w1-g9h9-vuce

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1

aliases CVE-2019-5715, GHSA-wvfw-w3x6-g526

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p2kq-rkh6-ayeu

url VCID-pq29-qe7h-tkcp

vulnerability_id VCID-pq29-qe7h-tkcp

summary

Silverstripe Flash Clipboard Reflected XSS
SilverStripe versions 3.0.0 until 4.3.5 and 4.4.4 are vulnerable to Flash Clipboard Reflected XSS. Versions 4.3.5 and 4.4.4 of `silverstripe/framework` and version 1.3.5 of `silverstripe/admin` contain a fix for this issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12205

reference_id

reference_type

scores

value	0.00378
scoring_system	epss
scoring_elements	0.59228
published_at	2026-04-01T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.5934
published_at	2026-04-29T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59302
published_at	2026-04-02T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59336
published_at	2026-04-24T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59358
published_at	2026-04-21T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59377
published_at	2026-04-18T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59371
published_at	2026-04-16T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59338
published_at	2026-04-13T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59356
published_at	2026-04-26T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59373
published_at	2026-04-11T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59353
published_at	2026-04-09T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59341
published_at	2026-04-08T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.5929
published_at	2026-04-07T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59325
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12205

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml

reference_url

https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12205

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12205

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12205

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12205

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2019-12205

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2019-12205

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe::::::::
reference_id	cpe:2.3:a:silverstripe:silverstripe::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe::::::::

reference_url	https://www.silverstripe.org/download/security-releases/cve-2019-12205/
reference_id	CVE-2019-12205
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/cve-2019-12205/

reference_url

https://github.com/advisories/GHSA-rfvw-5848-gxc5

reference_id

GHSA-rfvw-5848-gxc5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rfvw-5848-gxc5

fixed_packages

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-dc9y-v257-6bhf

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-m8w1-g9h9-vuce

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

url pkg:composer/silverstripe/framework@4.3.5

purl pkg:composer/silverstripe/framework@4.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-dc9y-v257-6bhf

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5

url pkg:composer/silverstripe/framework@4.4.4

purl pkg:composer/silverstripe/framework@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-dc9y-v257-6bhf

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-xw77-b18v-8kc4

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4

aliases CVE-2019-12205, GHSA-rfvw-5848-gxc5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pq29-qe7h-tkcp

url VCID-r2k8-fccc-jfc2

vulnerability_id VCID-r2k8-fccc-jfc2

summary

Cross-site Scripting
XSS In rewritten hash links.

references

reference_url	https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/
reference_id
reference_type
scores
url	https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/

fixed_packages

url pkg:composer/silverstripe/framework@3.0.13

purl pkg:composer/silverstripe/framework@3.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-3pwx-7wzy-qbdw

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-a9qn-hsax-uke7

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cc1b-b6sm-zbcw

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-cq8a-jun5-q3hh

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dq8q-6agw-g3d5

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fff2-h9gn-9qhu

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gw2k-419z-t7h5

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pg9r-huax-rqfv

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-sm51-m1g2-47dz

vulnerability	VCID-t17w-gcwe-eue4

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u2yt-tvtw-f3d6

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ur9h-h6mw-fbdh

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-yuu2-set7-fuet

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zu16-xznb-s3c7

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.13

url pkg:composer/silverstripe/framework@3.1.0-beta1

purl pkg:composer/silverstripe/framework@3.1.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-3pwx-7wzy-qbdw

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cc1b-b6sm-zbcw

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dq8q-6agw-g3d5

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fff2-h9gn-9qhu

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pg9r-huax-rqfv

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-sm51-m1g2-47dz

vulnerability	VCID-t17w-gcwe-eue4

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ur9h-h6mw-fbdh

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zu16-xznb-s3c7

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1

url pkg:composer/silverstripe/framework@3.1.12

purl pkg:composer/silverstripe/framework@3.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-3pwx-7wzy-qbdw

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5k79-mfyz-xqhu

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-a9qn-hsax-uke7

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cc1b-b6sm-zbcw

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-cg3k-vmk4-5kdb

vulnerability	VCID-cq8a-jun5-q3hh

vulnerability	VCID-dg5e-tkef-buab

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dq8q-6agw-g3d5

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-ehd6-y3gw-fufu

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fff2-h9gn-9qhu

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gw2k-419z-t7h5

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-kqk7-mdnd-hfc7

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pg9r-huax-rqfv

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-sm51-m1g2-47dz

vulnerability	VCID-sr5y-b8d8-3yd6

vulnerability	VCID-t17w-gcwe-eue4

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u2yt-tvtw-f3d6

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ur9h-h6mw-fbdh

vulnerability	VCID-v4g3-knhd-wqa7

vulnerability	VCID-w7x4-tung-wyae

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-yuu2-set7-fuet

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zr7a-tdxv-rqff

vulnerability	VCID-zr8u-z3r4-cbct

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12

url pkg:composer/silverstripe/framework@4.12.0-rc1

purl pkg:composer/silverstripe/framework@4.12.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1

aliases SS-2015-009-1

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r2k8-fccc-jfc2

url VCID-t17w-gcwe-eue4

vulnerability_id VCID-t17w-gcwe-eue4

summary

Silverstripe HtmlEditor embed url sanitisation
"Add from URL" doesn't clearly sanitise URL server side

HtmlEditorField_Toolbar has an action HtmlEditorField_Toolbar#viewfile, which gets called by the CMS when adding a media "from a URL" (i.e. via oembed).

This action gets the URL to add in the GET parameter FileURL. However it doesn't do any URL sanitising server side. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it's possible future changes would break this.

references

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-027-1.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-027-1.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://www.silverstripe.org/download/security-releases/ss-2015-027

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/ss-2015-027

reference_url

https://github.com/advisories/GHSA-qp29-wcc2-vmpc

reference_id

GHSA-qp29-wcc2-vmpc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qp29-wcc2-vmpc

fixed_packages

url pkg:composer/silverstripe/framework@3.2.1

purl pkg:composer/silverstripe/framework@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5k79-mfyz-xqhu

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-cg3k-vmk4-5kdb

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zr7a-tdxv-rqff

vulnerability	VCID-zr8u-z3r4-cbct

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1

aliases GHSA-qp29-wcc2-vmpc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t17w-gcwe-eue4

url VCID-ur9h-h6mw-fbdh

vulnerability_id VCID-ur9h-h6mw-fbdh

summary

Cross-site Scripting
Form field validation message XSS vulnerability.

references

reference_url	https://www.silverstripe.org/download/security-releases/ss-2015-026/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/ss-2015-026/

fixed_packages

url pkg:composer/silverstripe/framework@3.2.1

purl pkg:composer/silverstripe/framework@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5k79-mfyz-xqhu

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-cg3k-vmk4-5kdb

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zr7a-tdxv-rqff

vulnerability	VCID-zr8u-z3r4-cbct

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1

url pkg:composer/silverstripe/framework@4.12.0-rc1

purl pkg:composer/silverstripe/framework@4.12.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1

aliases SS-2015-026-1

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ur9h-h6mw-fbdh

url VCID-yuu2-set7-fuet

vulnerability_id VCID-yuu2-set7-fuet

summary

SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation
When a secure token parameter is provided to a SilverStripe site (such as isDev or flush) an empty token parameter can be provided in order to bypass normal authentication parameters.

For instance, http://www.mysite.com/?isDev=1&isDevtoken will force a site to dev mode. Alternatively, "flush" could also be used in succession to cause excessive load on a victim site and risk denial of service.

The fix in this case is to ensure that empty tokens fail the validation check.

references

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-014-1.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-014-1.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/a978b891e13d22dddee7e0735a7032f13964447d

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/a978b891e13d22dddee7e0735a7032f13964447d

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/cb6717c3f85753bdc30087f280720c6d3f639ff3

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/cb6717c3f85753bdc30087f280720c6d3f639ff3

reference_url

https://www.silverstripe.org/software/download/security-releases/ss-2015-014

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/software/download/security-releases/ss-2015-014

reference_url

https://github.com/advisories/GHSA-g4hp-pfvf-vm5w

reference_id

GHSA-g4hp-pfvf-vm5w

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g4hp-pfvf-vm5w

fixed_packages

url pkg:composer/silverstripe/framework@3.0.14

purl pkg:composer/silverstripe/framework@3.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-3pwx-7wzy-qbdw

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cc1b-b6sm-zbcw

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dq8q-6agw-g3d5

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fff2-h9gn-9qhu

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pg9r-huax-rqfv

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-sm51-m1g2-47dz

vulnerability	VCID-t17w-gcwe-eue4

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ur9h-h6mw-fbdh

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zu16-xznb-s3c7

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14

url pkg:composer/silverstripe/framework@3.1.13

purl pkg:composer/silverstripe/framework@3.1.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2f9j-ek3x-kbc5

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-3pwx-7wzy-qbdw

vulnerability	VCID-414d-7bfm-kud7

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5k79-mfyz-xqhu

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6j2p-tzvx-9bdj

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-8wbx-bvm9-jqcv

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c3vp-kc9a-vkhn

vulnerability	VCID-cc1b-b6sm-zbcw

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-cg3k-vmk4-5kdb

vulnerability	VCID-dg5e-tkef-buab

vulnerability	VCID-dgn7-zmwr-u3c6

vulnerability	VCID-dq8q-6agw-g3d5

vulnerability	VCID-dx5f-g875-5bct

vulnerability	VCID-eaqw-9k5p-pybr

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-ehd6-y3gw-fufu

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fff2-h9gn-9qhu

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-hgkh-tcdc-ufd5

vulnerability	VCID-j6ze-f76y-cqgy

vulnerability	VCID-k7bb-y315-4qb6

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kdyk-rrrr-pufw

vulnerability	VCID-kqk7-mdnd-hfc7

vulnerability	VCID-krjm-ygks-wyct

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-kz63-ftzc-tudk

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p52e-s67u-eya7

vulnerability	VCID-pg9r-huax-rqfv

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-sm51-m1g2-47dz

vulnerability	VCID-t17w-gcwe-eue4

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-te88-ws12-3bc8

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-tuwu-cznx-jqdb

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ur9h-h6mw-fbdh

vulnerability	VCID-w7x4-tung-wyae

vulnerability	VCID-wazt-hn99-qkdk

vulnerability	VCID-wrnm-d19b-hqby

vulnerability	VCID-ya8k-c5s5-47gx

vulnerability	VCID-ypfw-xhud-bbfs

vulnerability	VCID-yuer-yn1w-q3gw

vulnerability	VCID-z7fk-zbvh-quew

vulnerability	VCID-zgy5-8cgd-gqhm

vulnerability	VCID-zr7a-tdxv-rqff

vulnerability	VCID-zr8u-z3r4-cbct

vulnerability	VCID-zxmh-xcvd-53fe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13

aliases GHSA-g4hp-pfvf-vm5w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yuu2-set7-fuet

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.0

Package Instance