Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/23907?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/23907?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.3", "type": "composer", "namespace": "silverstripe", "name": "framework", "version": "3.4.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.3.23", "latest_non_vulnerable_version": "6.0.0-alpha1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55376?format=api", "vulnerability_id": "VCID-2f9j-ek3x-kbc5", "summary": "Silverstripe CMS XSS Vulnerability\nIn SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56934", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56823", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56917", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56939", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56914", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56966", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56969", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56977", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56957", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9311" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-cms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9311", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9311" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-9311", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-9311" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2020-9311", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2020-9311" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-9311/", "reference_id": "CVE-2020-9311", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-9311/" }, { "reference_url": "https://github.com/advisories/GHSA-2pw2-qpcp-m47x", "reference_id": "GHSA-2pw2-qpcp-m47x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2pw2-qpcp-m47x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82485?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5" } ], "aliases": [ "CVE-2020-9311", "GHSA-2pw2-qpcp-m47x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2f9j-ek3x-kbc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12481?format=api", "vulnerability_id": "VCID-2rbk-47h6-d7d8", "summary": "Business Logic Errors in GitHub repository silverstripe/silverstripe-framework", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2" }, { "reference_url": "https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0227", "reference_id": "CVE-2022-0227", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0227" }, { "reference_url": "https://github.com/advisories/GHSA-32m2-9f76-4gv8", "reference_id": "GHSA-32m2-9f76-4gv8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-32m2-9f76-4gv8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44747?format=api", "purl": "pkg:composer/silverstripe/framework@4.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.1" } ], "aliases": [ "CVE-2022-0227", "GHSA-32m2-9f76-4gv8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2rbk-47h6-d7d8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19146?format=api", "vulnerability_id": "VCID-3ydp-barm-5ya1", "summary": "silverstripe/framework has Cross-site Scripting vulnerability in page history comparison\nAuthenticated user with page edit permission can craft HTML, which when rendered in a page history comparison can execute client scripts.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-004-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-004-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/2b72c0f73b668ddf7c059319da915a6c08652278", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/2b72c0f73b668ddf7c059319da915a6c08652278" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-004" }, { "reference_url": "https://github.com/advisories/GHSA-c4c3-j73v-634r", "reference_id": "GHSA-c4c3-j73v-634r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c4c3-j73v-634r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60156?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/25036?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-j9tk-b3hv-q3c1" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kh99-kpkt-pqdq" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.4" } ], "aliases": [ "GHSA-c4c3-j73v-634r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ydp-barm-5ya1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11325?format=api", "vulnerability_id": "VCID-414d-7bfm-kud7", "summary": "Incorrect Authorization\nDefault SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38047", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38062", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38086", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38123", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38105", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37972", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38154", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38176", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38097", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28661" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/releases" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28661", "reference_id": "CVE-2021-28661", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28661" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2021-28661", "reference_id": "CVE-2021-28661", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2021-28661" }, { "reference_url": "https://github.com/advisories/GHSA-r7rh-g777-g5gx", "reference_id": "GHSA-r7rh-g777-g5gx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7rh-g777-g5gx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23911?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3ydp-barm-5ya1" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ete7-tupf-63c9" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-j9tk-b3hv-q3c1" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kh99-kpkt-pqdq" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tzmx-hfk2-7ufr" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2" } ], "aliases": [ "CVE-2021-28661", "GHSA-r7rh-g777-g5gx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-414d-7bfm-kud7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17411?format=api", "vulnerability_id": "VCID-4f9c-aun4-wfep", "summary": "Missing Authorization\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63885", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63903", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63936", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63949", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63937", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63919", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63869", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00457", "scoring_system": "epss", "scoring_elements": "0.63911", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22728" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2023-22728", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2023-22728" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22728", "reference_id": "CVE-2023-22728", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22728" }, { "reference_url": "https://github.com/advisories/GHSA-jh3w-6jp2-vqqm", "reference_id": "GHSA-jh3w-6jp2-vqqm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jh3w-6jp2-vqqm" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm", "reference_id": "GHSA-jh3w-6jp2-vqqm", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57348?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5" } ], "aliases": [ "CVE-2023-22728", "GHSA-jh3w-6jp2-vqqm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9c-aun4-wfep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53401?format=api", "vulnerability_id": "VCID-4x32-t75c-u3bj", "summary": "Silverstipe CMS Stored XSS in custom meta tags\nA malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut.\nThis requires CMS access to exploit.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37421", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55233", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55208", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55232", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.5521", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55259", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.5526", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55272", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55251", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37421" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37421", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37421" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2022-37421", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2022-37421" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2022-37421", "reference_id": "CVE-2022-37421", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2022-37421" }, { "reference_url": "https://github.com/advisories/GHSA-pp74-g2q5-j4jf", "reference_id": "GHSA-pp74-g2q5-j4jf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pp74-g2q5-j4jf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/342277?format=api", "purl": "pkg:composer/silverstripe/framework@4.11.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.3" } ], "aliases": [ "CVE-2022-37421", "GHSA-pp74-g2q5-j4jf", "GMS-2022-6855" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4x32-t75c-u3bj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18553?format=api", "vulnerability_id": "VCID-5pkg-j4wg-7fcn", "summary": "Improper Input Validation\nSilverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml" }, { "reference_url": "https://github.com/github/advisory-database/pull/2575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/2575" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2023-32302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-32302" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32302", "reference_id": "CVE-2023-32302", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32302" }, { "reference_url": "https://github.com/advisories/GHSA-36xx-7vf6-7mv3", "reference_id": "GHSA-36xx-7vf6-7mv3", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-36xx-7vf6-7mv3" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3", "reference_id": "GHSA-36xx-7vf6-7mv3", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59209?format=api", "purl": "pkg:composer/silverstripe/framework@4.13.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/59210?format=api", "purl": "pkg:composer/silverstripe/framework@5.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.0.13" } ], "aliases": [ "CVE-2023-32302", "GHSA-36xx-7vf6-7mv3" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5pkg-j4wg-7fcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51104?format=api", "vulnerability_id": "VCID-6du5-hdvd-fueb", "summary": "Session fixation in change password form\nSilverStripe through 4.3.3 allows session fixation in the \"change password\" form.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16985", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16838", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16897", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16943", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16817", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16969", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16911", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16823", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1704", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12203" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12203", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12203" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203/", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203/" }, { "reference_url": "https://github.com/advisories/GHSA-w7r7-r8r9-vrg2", "reference_id": "GHSA-w7r7-r8r9-vrg2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w7r7-r8r9-vrg2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79064?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-pffp-vtk7-pqby" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/79063?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/193726?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/73303?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/73304?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xw77-b18v-8kc4" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12203", "GHSA-w7r7-r8r9-vrg2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6du5-hdvd-fueb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25920?format=api", "vulnerability_id": "VCID-6epx-c68d-d7bv", "summary": "Silverstripe Framework has a XSS in form messages\nIn some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message.\n\nSome form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability.\n\n### References\n\n- https://www.silverstripe.org/download/security-releases/cve-2024-53277\n\n## Reported by\n\nLeo Diamat from [Bastion Security Group](http://www.bastionsecurity.co.nz/)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77739", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77755", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.7775", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77722", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77712", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77765", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01074", "scoring_system": "epss", "scoring_elements": "0.77781", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53277" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53277", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53277" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-53277", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-53277" }, { "reference_url": "https://github.com/advisories/GHSA-ff6q-3c9c-6cf5", "reference_id": "GHSA-ff6q-3c9c-6cf5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ff6q-3c9c-6cf5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69179?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/739694?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" } ], "aliases": [ "CVE-2024-53277", "GHSA-ff6q-3c9c-6cf5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6epx-c68d-d7bv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59683?format=api", "vulnerability_id": "VCID-7dk3-gcup-2kc9", "summary": "SilverStripe XXE Vulnerability in CSSContentParser\nSilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. (The correct CVE ID year is 2020 [CVE-2020-25817, not CVE-2021-25817]).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25817", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57361", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57362", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57391", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57409", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.5743", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57415", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.5728", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57385", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57413", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25817" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25817", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25817" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2021-25817", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2021-25817" }, { "reference_url": "https://github.com/advisories/GHSA-3vjc-5x79-m9r8", "reference_id": "GHSA-3vjc-5x79-m9r8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3vjc-5x79-m9r8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/251449?format=api", "purl": "pkg:composer/silverstripe/framework@4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/80943?format=api", "purl": "pkg:composer/silverstripe/framework@4.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4" } ], "aliases": [ "CVE-2020-25817", "GHSA-3vjc-5x79-m9r8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7dk3-gcup-2kc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14328?format=api", "vulnerability_id": "VCID-86yd-4mkt-hydr", "summary": "Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter\n### Impact\nIf a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user.\n\n**Base CVSS:** [4.3](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C&version=3.1)\n**Reported by:** Nick K - LittleMonkey, [littlemonkey.co.nz](http://littlemonkey.co.nz/)\n\n### References\n- https://www.silverstripe.org/download/security-releases/CVE-2023-48714", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48714", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45378", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45371", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45369", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.454", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45359", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45379", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45323", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48714" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48714", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48714" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2023-48714", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-48714" }, { "reference_url": "https://github.com/advisories/GHSA-qm2j-qvq3-j29v", "reference_id": "GHSA-qm2j-qvq3-j29v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qm2j-qvq3-j29v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50544?format=api", "purl": "pkg:composer/silverstripe/framework@4.13.39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.39" }, { "url": "http://public2.vulnerablecode.io/api/packages/50545?format=api", "purl": "pkg:composer/silverstripe/framework@5.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.1.11" } ], "aliases": [ "CVE-2023-48714", "GHSA-qm2j-qvq3-j29v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-86yd-4mkt-hydr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25373?format=api", "vulnerability_id": "VCID-a3yc-fxa1-gfhy", "summary": "Silverstripe Framework has a XSS vulnerability in HTML editor\n### Impact\n\nA bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.\n\nThe server-side sanitisation logic has been updated to sanitise against this attack.\n\n### Reported by\n\nJames Nicoll from Fujitsu Cyber\n\n### References\n\n- https://www.silverstripe.org/download/security-releases/cve-2025-30148", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37948", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37914", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37901", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37851", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37974", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37868", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37893", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37929", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30148" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/pull/11682", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/pull/11682" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30148", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30148" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2025-30148", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2025-30148" }, { "reference_url": "https://github.com/advisories/GHSA-rhx4-hvx9-j387", "reference_id": "GHSA-rhx4-hvx9-j387", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rhx4-hvx9-j387" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68612?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.23" } ], "aliases": [ "CVE-2025-30148", "GHSA-rhx4-hvx9-j387" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a3yc-fxa1-gfhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8720?format=api", "vulnerability_id": "VCID-ab5z-bqka-xudb", "summary": "Injection Vulnerability\nIn the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18049", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43713", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43675", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43731", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43755", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43689", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43739", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43743", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43762", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.4373", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18049" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.exploit-db.com/exploits/43396", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/43396" }, { "reference_url": "https://www.exploit-db.com/exploits/43396/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/43396/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-007" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18049", "reference_id": "CVE-2017-18049", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18049" }, { "reference_url": "https://github.com/advisories/GHSA-2jvj-mhf2-g99w", "reference_id": "GHSA-2jvj-mhf2-g99w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2jvj-mhf2-g99w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/167503?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.6-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kh99-kpkt-pqdq" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pffp-vtk7-pqby" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26304?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pffp-vtk7-pqby" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/167506?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.3-rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ff5q-59gf-nugg" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kh99-kpkt-pqdq" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pffp-vtk7-pqby" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/26305?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ff5q-59gf-nugg" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pffp-vtk7-pqby" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/167507?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nes-cr3m-j3dv" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6xwk-ee7f-5ubd" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c75p-3hdz-q3b6" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ff5q-59gf-nugg" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-jx5m-bqc6-h3bv" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kxyq-vg6e-6uac" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p554-wkxw-gfdh" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qak9-2t7g-w3fv" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xnb4-zjws-vuhu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26306?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nes-cr3m-j3dv" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c75p-3hdz-q3b6" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ff5q-59gf-nugg" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-jx5m-bqc6-h3bv" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kxyq-vg6e-6uac" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p554-wkxw-gfdh" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qak9-2t7g-w3fv" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xnb4-zjws-vuhu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" } ], "aliases": [ "CVE-2017-18049", "GHSA-2jvj-mhf2-g99w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ab5z-bqka-xudb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45965?format=api", "vulnerability_id": "VCID-ajga-3b99-yugh", "summary": "Authentication bypass in SilverStripe GraphQL\nThe GraphQL module accepts basic-auth as an authentication method by default. This can be used to bypass MFA authentication if the silverstripe/mfa module is installed, which is now a commonly installed module. A users password is still required though.\n\nBasic-auth has been removed as a default authentication method. If desired, it can be re-enabled by adding it to the authenticators key of a schema, or on SilverStripe\\Graphql\\Auth\\Handler", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26136", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44182", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44176", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44208", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44193", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44188", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44118", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44137", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44206", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26136" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26136", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26136" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-26136", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-26136" }, { "reference_url": "https://github.com/advisories/GHSA-mg2g-8pwj-r2j2", "reference_id": "GHSA-mg2g-8pwj-r2j2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mg2g-8pwj-r2j2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/251449?format=api", "purl": "pkg:composer/silverstripe/framework@4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0" } ], "aliases": [ "CVE-2020-26136", "GHSA-mg2g-8pwj-r2j2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ajga-3b99-yugh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25895?format=api", "vulnerability_id": "VCID-axxx-gpfn-mqc9", "summary": "Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message\n> [!IMPORTANT]\n> This vulnerability only affects sites which are in the \"dev\" environment mode. If your production website is in \"dev\" mode, it has been misconfigured, and you should immediately swap it to \"live\" mode.\n> See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.\n\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.\n\n## References\n\n- https://www.silverstripe.org/download/security-releases/ss-2024-002\n\n## Reported by\n\nGaurav Nayak from [Chaleit](https://chaleit.com/)", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-002" }, { "reference_url": "https://github.com/advisories/GHSA-mqf3-qpc3-g26q", "reference_id": "GHSA-mqf3-qpc3-g26q", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mqf3-qpc3-g26q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69179?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/739694?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" } ], "aliases": [ "GHSA-mqf3-qpc3-g26q" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-axxx-gpfn-mqc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51150?format=api", "vulnerability_id": "VCID-bdcq-z11u-zyh5", "summary": "Lack of access control on upoaded files\nSilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48744", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48814", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48806", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48832", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48815", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48818", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48763", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48809", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48783", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12245" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12245" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245/", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245/" }, { "reference_url": "https://github.com/advisories/GHSA-jvx5-rm6q-gx7p", "reference_id": "GHSA-jvx5-rm6q-gx7p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jvx5-rm6q-gx7p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79064?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-pffp-vtk7-pqby" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/79063?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/193726?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/79091?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/73304?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xw77-b18v-8kc4" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12245", "GHSA-jvx5-rm6q-gx7p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bdcq-z11u-zyh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19427?format=api", "vulnerability_id": "VCID-bmqt-5ybj-kuf6", "summary": "silverstripe/framework has Cross-site Scripting vulnerability in page name\nsilverstripe/framework is vulnerable to XSS in Page name where the payload `\"><svg/onload=alert(/xss/)>` will trigger an XSS alert.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-001-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-001-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/9574d627f95aca7ae0fcefcae2bf56215777e190", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/9574d627f95aca7ae0fcefcae2bf56215777e190" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-001" }, { "reference_url": "https://github.com/advisories/GHSA-hhvj-mcrx-3vcf", "reference_id": "GHSA-hhvj-mcrx-3vcf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hhvj-mcrx-3vcf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3ydp-barm-5ya1" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ete7-tupf-63c9" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tzmx-hfk2-7ufr" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23911?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3ydp-barm-5ya1" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ete7-tupf-63c9" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-j9tk-b3hv-q3c1" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kh99-kpkt-pqdq" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tzmx-hfk2-7ufr" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2" } ], "aliases": [ "GHSA-hhvj-mcrx-3vcf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bmqt-5ybj-kuf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8179?format=api", "vulnerability_id": "VCID-c3vp-kc9a-vkhn", "summary": "Cross-site Scripting\nSilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname.", "references": [ { "reference_url": "http://lists.openwall.net/full-disclosure/2017/09/14/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openwall.net/full-disclosure/2017/09/14/2" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59159", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59154", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59047", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59173", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.5919", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.5912", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59143", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59108", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59172", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14498" }, { "reference_url": "https://docs.silverstripe.org/en/3/changelogs/3.6.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.silverstripe.org/en/3/changelogs/3.6.1" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a" }, { "reference_url": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14498", "reference_id": "CVE-2017-14498", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14498" }, { "reference_url": "https://github.com/advisories/GHSA-j696-6m57-mcrv", "reference_id": "GHSA-j696-6m57-mcrv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j696-6m57-mcrv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/164562?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ff5q-59gf-nugg" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-j9tk-b3hv-q3c1" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kh99-kpkt-pqdq" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pffp-vtk7-pqby" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2" }, { "url": "http://public2.vulnerablecode.io/api/packages/24698?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ff5q-59gf-nugg" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-j9tk-b3hv-q3c1" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kh99-kpkt-pqdq" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pffp-vtk7-pqby" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1" } ], "aliases": [ "CVE-2017-14498", "GHSA-j696-6m57-mcrv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3vp-kc9a-vkhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10759?format=api", "vulnerability_id": "VCID-cdgj-bdpy-ukak", "summary": "Cross-Site Request Forgery (CSRF)\nCross Site Request Forgery (CSRF) Protection Bypass in GraphQL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42063", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42112", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42138", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42175", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42153", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42142", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42091", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42152", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42124", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12437" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12437", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12437" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12437", "reference_id": "CVE-2019-12437", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12437" }, { "reference_url": "https://github.com/advisories/GHSA-fx37-56v6-85q6", "reference_id": "GHSA-fx37-56v6-85q6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fx37-56v6-85q6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193726?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" } ], "aliases": [ "CVE-2019-12437", "GHSA-fx37-56v6-85q6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cdgj-bdpy-ukak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33514?format=api", "vulnerability_id": "VCID-eddc-w9wx-c3gq", "summary": "Broken access control on files\nIn SilverStripe assets 4.0, there is broken access control on files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14273", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56436", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56462", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56481", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56506", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56495", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.5649", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.5644", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56458", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56338", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14273" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14273", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14273" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-43jj-2rwc-2m3f", "reference_id": "GHSA-43jj-2rwc-2m3f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-43jj-2rwc-2m3f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/167507?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nes-cr3m-j3dv" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6xwk-ee7f-5ubd" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c75p-3hdz-q3b6" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ff5q-59gf-nugg" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-jx5m-bqc6-h3bv" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kxyq-vg6e-6uac" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p554-wkxw-gfdh" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qak9-2t7g-w3fv" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xnb4-zjws-vuhu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26306?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nes-cr3m-j3dv" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c75p-3hdz-q3b6" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ff5q-59gf-nugg" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-jx5m-bqc6-h3bv" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kxyq-vg6e-6uac" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p554-wkxw-gfdh" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qak9-2t7g-w3fv" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xnb4-zjws-vuhu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73303?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/73304?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xw77-b18v-8kc4" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-14273", "GHSA-43jj-2rwc-2m3f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eddc-w9wx-c3gq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53327?format=api", "vulnerability_id": "VCID-enkd-4y44-4ueq", "summary": "FormField with square brackets in field name skips validation\nFileField with array notation skips validation\n\nThe FileField class is commonly used for file upload in custom code on a Silverstripe website. This field is designed to be used with a single file upload.\n\nPHP allows for submitting multiple values by adding square brackets to the field name. When this is done to a FileField, it will be coerced into allowing multiple files by using this notation. This is not a supported feature, though nothing is done to prevent this.\n\nIn this scenario, validation such as limiting allowed extensions is not applied, and the FileField->saveInto() behaviour is not triggered. If custom controller logic is used to process the file uploads, it might implicitly rely on validation to be provided by the Form system, which is not the case.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52598", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52539", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52566", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52532", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52584", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52578", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52629", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52612", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52493", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26138" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26138", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26138" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138/", "reference_id": "CVE-2020-26138", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138/" }, { "reference_url": "https://github.com/advisories/GHSA-7mv4-4xpg-xq44", "reference_id": "GHSA-7mv4-4xpg-xq44", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7mv4-4xpg-xq44" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/251449?format=api", "purl": "pkg:composer/silverstripe/framework@4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/80943?format=api", "purl": "pkg:composer/silverstripe/framework@4.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4" } ], "aliases": [ "CVE-2020-26138", "GHSA-7mv4-4xpg-xq44" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-enkd-4y44-4ueq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19300?format=api", "vulnerability_id": "VCID-ete7-tupf-63c9", "summary": "silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage\nRedirectorPage will allow users to specify a non-url malicious script as the redirection path without validation. Users which follow this url may allow this script to execute within their browser.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-003-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-003-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-003" }, { "reference_url": "https://github.com/advisories/GHSA-pp7q-6j3f-74vj", "reference_id": "GHSA-pp7q-6j3f-74vj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pp7q-6j3f-74vj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60156?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/25036?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-j9tk-b3hv-q3c1" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kh99-kpkt-pqdq" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.4" } ], "aliases": [ "GHSA-pp7q-6j3f-74vj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ete7-tupf-63c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51114?format=api", "vulnerability_id": "VCID-fpb7-5pwu-tyg5", "summary": "SilverStripe Priviledge escalation through cache pollution\nIn SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.5359", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53674", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53708", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53659", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53661", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.5361", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53642", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53614", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53691", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12617" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12617", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12617" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617/", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617/" }, { "reference_url": "https://github.com/advisories/GHSA-6r58-4xgr-gm6m", "reference_id": "GHSA-6r58-4xgr-gm6m", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6r58-4xgr-gm6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193726?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/73303?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/73304?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xw77-b18v-8kc4" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12617", "GHSA-6r58-4xgr-gm6m" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fpb7-5pwu-tyg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57519?format=api", "vulnerability_id": "VCID-fyxa-vzeq-ubeq", "summary": "SilverStripe Web Cache Poisoning through HTTPRequestBuilder\nSilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19326", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43357", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43362", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43377", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43409", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43389", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43374", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43322", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43384", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.433", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19326" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19326", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19326" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-19326", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-19326" }, { "reference_url": "https://github.com/advisories/GHSA-q9ff-3q93-fm8m", "reference_id": "GHSA-q9ff-3q93-fm8m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q9ff-3q93-fm8m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82485?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/82300?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/82301?format=api", "purl": "pkg:composer/silverstripe/framework@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4" } ], "aliases": [ "CVE-2019-19326", "GHSA-q9ff-3q93-fm8m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fyxa-vzeq-ubeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7835?format=api", "vulnerability_id": "VCID-j6ze-f76y-cqgy", "summary": "Cross-site Scripting\nThere is an XSS in SilverStripe CMS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.49955", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.49941", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.49943", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.49972", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.49953", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.4996", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.49891", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.49928", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.49905", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5197" }, { "reference_url": "https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "http://www.securityfocus.com/bid/96572", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96572" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5197", "reference_id": "CVE-2017-5197", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5197" }, { "reference_url": "https://github.com/advisories/GHSA-xmjh-wjc5-wg4h", "reference_id": "GHSA-xmjh-wjc5-wg4h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xmjh-wjc5-wg4h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23844?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3ydp-barm-5ya1" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-bmqt-5ybj-kuf6" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ete7-tupf-63c9" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tzmx-hfk2-7ufr" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/23910?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3ydp-barm-5ya1" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ete7-tupf-63c9" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tzmx-hfk2-7ufr" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/23845?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3ydp-barm-5ya1" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-bmqt-5ybj-kuf6" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ete7-tupf-63c9" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-j9tk-b3hv-q3c1" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kh99-kpkt-pqdq" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tzmx-hfk2-7ufr" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/23911?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3ydp-barm-5ya1" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ete7-tupf-63c9" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-j9tk-b3hv-q3c1" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kh99-kpkt-pqdq" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tzmx-hfk2-7ufr" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2" } ], "aliases": [ "CVE-2017-5197", "GHSA-xmjh-wjc5-wg4h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j6ze-f76y-cqgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17786?format=api", "vulnerability_id": "VCID-kak1-btjp-kqgz", "summary": "Silverstripe uses TinyMCE which allows svg files linked in object tags\n### Impact\nTinyMCE v6 has a configuration value `convert_unsafe_embeds` set to `false` which allows svg files containing javascript to be used in `<object>` or `<embed>` tags, which can be used as a vector for XSS attacks.\n\nNote that `<embed>` tags are not allowed by default.\n\nAfter patching the default value of `convert_unsafe_embeds` will be set to `true`. This means that `<object>` tags will be converted to iframes instead the next time the page is saved, which may break any pages that rely upon previously saved `<object>` tags. Developers can override this configuration if desired to revert to the original behaviour.\n\nWe reviewed the potential impact of this vulnerability within the context of Silverstripe CMS. We concluded this is a medium impact vulnerability given how TinyMCE is used by Silverstripe CMS.\n\n### References:\n- https://www.silverstripe.org/download/security-releases/ss-2024-001\n- https://github.com/advisories/GHSA-5359-pvf2-pw78", "references": [ { "reference_url": "https://github.com/advisories/GHSA-5359-pvf2-pw78", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5359-pvf2-pw78" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-001" }, { "reference_url": "https://github.com/advisories/GHSA-52cw-pvq9-9m5v", "reference_id": "GHSA-52cw-pvq9-9m5v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-52cw-pvq9-9m5v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57580?format=api", "purl": "pkg:composer/silverstripe/framework@5.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16" } ], "aliases": [ "GHSA-52cw-pvq9-9m5v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kak1-btjp-kqgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8357?format=api", "vulnerability_id": "VCID-kdyk-rrrr-pufw", "summary": "Information Exposure\nResponse discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45872", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45873", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45866", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45896", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45785", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45874", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45878", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.4585", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45822", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12849" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-005" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:3.6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:silverstripe:silverstripe:3.6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:3.6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12849", "reference_id": "CVE-2017-12849", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12849" }, { "reference_url": "https://github.com/advisories/GHSA-fwhr-g5r4-xgxf", "reference_id": "GHSA-fwhr-g5r4-xgxf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fwhr-g5r4-xgxf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/165356?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.5-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-j9tk-b3hv-q3c1" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kh99-kpkt-pqdq" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/25037?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kh99-kpkt-pqdq" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pffp-vtk7-pqby" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/164562?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ff5q-59gf-nugg" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-j9tk-b3hv-q3c1" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kh99-kpkt-pqdq" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pffp-vtk7-pqby" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2" }, { "url": "http://public2.vulnerablecode.io/api/packages/24698?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ff5q-59gf-nugg" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-j9tk-b3hv-q3c1" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kh99-kpkt-pqdq" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pffp-vtk7-pqby" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1" } ], "aliases": [ "CVE-2017-12849", "GHSA-fwhr-g5r4-xgxf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kdyk-rrrr-pufw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25884?format=api", "vulnerability_id": "VCID-kvhv-9fj5-7kgk", "summary": "Silverstripe Framework has a XSS via insert media remote file oembed\n### Impact\n\nWhen using the \"insert media\" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website.\n\n## References\n\n- https://www.silverstripe.org/download/security-releases/cve-2024-47605\n\n## Reported by\n\nJames Nicoll from [Fujitsu Cyber Security Services](https://www.fujitsu.com/nz/services/security/)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47605", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0398", "scoring_system": "epss", "scoring_elements": "0.88367", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0398", "scoring_system": "epss", "scoring_elements": "0.884", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0398", "scoring_system": "epss", "scoring_elements": "0.88408", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0398", "scoring_system": "epss", "scoring_elements": "0.88397", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0398", "scoring_system": "epss", "scoring_elements": "0.88391", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0398", "scoring_system": "epss", "scoring_elements": "0.88372", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0398", "scoring_system": "epss", "scoring_elements": "0.88353", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47605" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47605", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47605" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-47605", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-47605" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt", "reference_id": "CVE-2024-47605", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt" }, { "reference_url": "https://github.com/advisories/GHSA-7cmp-cgg8-4c82", "reference_id": "GHSA-7cmp-cgg8-4c82", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7cmp-cgg8-4c82" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69179?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/739694?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" } ], "aliases": [ "CVE-2024-47605", "GHSA-7cmp-cgg8-4c82" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kvhv-9fj5-7kgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25962?format=api", "vulnerability_id": "VCID-kw9p-5fbc-hudg", "summary": "Reflected Cross Site Scripting (XSS) in error message\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-002" }, { "reference_url": "https://github.com/advisories/GHSA-74j9-xhqr-6qv3", "reference_id": "GHSA-74j9-xhqr-6qv3", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-74j9-xhqr-6qv3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69179?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" } ], "aliases": [ "GHSA-74j9-xhqr-6qv3" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kw9p-5fbc-hudg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54007?format=api", "vulnerability_id": "VCID-kxa8-dmva-ayff", "summary": "Quadratic blowup in Convert::xml2array()\nSilverstripe silverstripe/framework 4.x until 4.10.9 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57282", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57393", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57411", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57432", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57417", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57414", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57363", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57387", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57364", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41559" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41559", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41559" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2021-41559", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2021-41559" }, { "reference_url": "https://github.com/advisories/GHSA-9fmg-89fx-r33w", "reference_id": "GHSA-9fmg-89fx-r33w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9fmg-89fx-r33w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81457?format=api", "purl": "pkg:composer/silverstripe/framework@4.10.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/319025?format=api", "purl": "pkg:composer/silverstripe/framework@4.11.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.0-beta1" } ], "aliases": [ "CVE-2021-41559", "GHSA-9fmg-89fx-r33w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kxa8-dmva-ayff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10566?format=api", "vulnerability_id": "VCID-p2kq-rkh6-ayeu", "summary": "SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55286", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.5516", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.5526", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55283", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55264", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55315", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55316", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55327", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55305", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5715" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/issues/8814", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/issues/8814" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5715", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5715" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2018-021", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2018-021" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:4.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:silverstripe:silverstripe:4.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:4.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-wvfw-w3x6-g526", "reference_id": "GHSA-wvfw-w3x6-g526", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wvfw-w3x6-g526" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35960?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-pffp-vtk7-pqby" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/35961?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/35962?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/35963?format=api", "purl": "pkg:composer/silverstripe/framework@4.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-658d-vmwt-f7e8" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/35964?format=api", "purl": "pkg:composer/silverstripe/framework@4.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-658d-vmwt-f7e8" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/35965?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-658d-vmwt-f7e8" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1" } ], "aliases": [ "CVE-2019-5715", "GHSA-wvfw-w3x6-g526" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p2kq-rkh6-ayeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54540?format=api", "vulnerability_id": "VCID-pq29-qe7h-tkcp", "summary": "Silverstripe Flash Clipboard Reflected XSS\nSilverStripe versions 3.0.0 until 4.3.5 and 4.4.4 are vulnerable to Flash Clipboard Reflected XSS. Versions 4.3.5 and 4.4.4 of `silverstripe/framework` and version 1.3.5 of `silverstripe/admin` contain a fix for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59302", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59338", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59228", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59356", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59373", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59353", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59341", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.5929", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59325", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12205" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12205" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12205" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12205/", "reference_id": "CVE-2019-12205", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12205/" }, { "reference_url": "https://github.com/advisories/GHSA-rfvw-5848-gxc5", "reference_id": "GHSA-rfvw-5848-gxc5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rfvw-5848-gxc5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193726?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/73303?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/73304?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xw77-b18v-8kc4" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12205", "GHSA-rfvw-5848-gxc5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pq29-qe7h-tkcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17395?format=api", "vulnerability_id": "VCID-qm38-1cwk-b3hq", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49576", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49621", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49609", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49554", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49603", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49593", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00262", "scoring_system": "epss", "scoring_elements": "0.49592", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22729" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2023-22729", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2023-22729" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22729", "reference_id": "CVE-2023-22729", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22729" }, { "reference_url": "https://github.com/advisories/GHSA-fw84-xgm8-9jmv", "reference_id": "GHSA-fw84-xgm8-9jmv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fw84-xgm8-9jmv" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv", "reference_id": "GHSA-fw84-xgm8-9jmv", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57348?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5" } ], "aliases": [ "CVE-2023-22729", "GHSA-fw84-xgm8-9jmv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qm38-1cwk-b3hq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11326?format=api", "vulnerability_id": "VCID-tc2y-zrea-vyb2", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nSilverStripe Framework suffers from a XSS vulnerablity.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36150", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.5896", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58857", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58932", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58954", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.5892", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58972", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58978", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58997", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.58979", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36150" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36150", "reference_id": "CVE-2021-36150", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36150" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2021-36150", "reference_id": "CVE-2021-36150", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2021-36150" }, { "reference_url": "https://github.com/advisories/GHSA-j66h-cc96-c32q", "reference_id": "GHSA-j66h-cc96-c32q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j66h-cc96-c32q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/263530?format=api", "purl": "pkg:composer/silverstripe/framework@4.9.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/40630?format=api", "purl": "pkg:composer/silverstripe/framework@4.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0" } ], "aliases": [ "CVE-2021-36150", "GHSA-j66h-cc96-c32q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tc2y-zrea-vyb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57490?format=api", "vulnerability_id": "VCID-tm1s-2m92-uyh9", "summary": "SilverStripe asset-admin Cross-site Scripting (XSS)\nIn SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14272", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57275", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57342", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57327", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57325", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57274", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57194", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57298", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57301", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57322", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14272" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14272", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14272" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-jgw2-f5mx-rg7h", "reference_id": "GHSA-jgw2-f5mx-rg7h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jgw2-f5mx-rg7h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/167507?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nes-cr3m-j3dv" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-6xwk-ee7f-5ubd" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c75p-3hdz-q3b6" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ff5q-59gf-nugg" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-jx5m-bqc6-h3bv" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kxyq-vg6e-6uac" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p554-wkxw-gfdh" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qak9-2t7g-w3fv" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xnb4-zjws-vuhu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26306?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nes-cr3m-j3dv" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c75p-3hdz-q3b6" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ff5q-59gf-nugg" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-jx5m-bqc6-h3bv" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-kxyq-vg6e-6uac" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-p554-wkxw-gfdh" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qak9-2t7g-w3fv" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xnb4-zjws-vuhu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73303?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/73304?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xw77-b18v-8kc4" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-14272", "GHSA-jgw2-f5mx-rg7h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tm1s-2m92-uyh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19601?format=api", "vulnerability_id": "VCID-tzmx-hfk2-7ufr", "summary": "silverstripe/framework member disclosure in login form\nThere is a user ID enumeration vulnerability in our brute force error messages.\n\n- Users that don't exist in will never get a locked out message\n- Users that do exist, will get a locked out message\n\nThis means an attacker can infer or confirm user details that exist in the member table.\n\nThis issue has been resolved by ensuring that login attempt logging and lockout process works equivalently for non-existent users as it does for existant users.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-002-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-002-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/f71efb5063c57d823dd130b9bfd018f6ef903d49", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/f71efb5063c57d823dd130b9bfd018f6ef903d49" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-002" }, { "reference_url": "https://github.com/advisories/GHSA-g84q-cq55-xwgp", "reference_id": "GHSA-g84q-cq55-xwgp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g84q-cq55-xwgp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60156?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/25036?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-j9tk-b3hv-q3c1" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kh99-kpkt-pqdq" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.4" } ], "aliases": [ "GHSA-g84q-cq55-xwgp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tzmx-hfk2-7ufr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54669?format=api", "vulnerability_id": "VCID-u49v-31sv-eqc3", "summary": "SilverStripe Denial of Service on flush and development URL tools\nSilverStripe before 4.4.0 allows a Denial of Service on flush and development URL tools.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12246", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36415", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36359", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36352", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36331", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36283", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36448", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36225", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36301", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36322", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12246" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12246", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12246" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12246", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12246" }, { "reference_url": "https://github.com/advisories/GHSA-5fr8-xhqq-4p3q", "reference_id": "GHSA-5fr8-xhqq-4p3q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5fr8-xhqq-4p3q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193726?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/81942?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-cfgg-fgjt-z3hn" }, { "vulnerability": "VCID-d5q3-jrdb-euav" }, { "vulnerability": "VCID-dc9y-v257-6bhf" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-ftdr-uzuh-8ybc" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-gme6-wj87-ekfw" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kd3t-2gzd-q3hq" }, { "vulnerability": "VCID-kgm4-g26x-gken" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-m8w1-g9h9-vuce" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-ua49-snhx-dqa4" }, { "vulnerability": "VCID-w4fh-cpaq-nqat" }, { "vulnerability": "VCID-xw77-b18v-8kc4" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0" } ], "aliases": [ "CVE-2019-12246", "GHSA-5fr8-xhqq-4p3q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u49v-31sv-eqc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7802?format=api", "vulnerability_id": "VCID-ya8k-c5s5-47gx", "summary": "XSS In page name\nSilverStripe is vulnerable to XSS via the page name. For instance, page name `\"><svg/onload=alert(/xss/)>` will trigger an XSS alert.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-001/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23844?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3ydp-barm-5ya1" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-bmqt-5ybj-kuf6" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ete7-tupf-63c9" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tzmx-hfk2-7ufr" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/23845?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f9j-ek3x-kbc5" }, { "vulnerability": "VCID-2rbk-47h6-d7d8" }, { "vulnerability": "VCID-3ydp-barm-5ya1" }, { "vulnerability": "VCID-414d-7bfm-kud7" }, { "vulnerability": "VCID-4f9c-aun4-wfep" }, { "vulnerability": "VCID-4x32-t75c-u3bj" }, { "vulnerability": "VCID-5pkg-j4wg-7fcn" }, { "vulnerability": "VCID-6du5-hdvd-fueb" }, { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-71cx-seqr-3fh5" }, { "vulnerability": "VCID-7dk3-gcup-2kc9" }, { "vulnerability": "VCID-86yd-4mkt-hydr" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-ab5z-bqka-xudb" }, { "vulnerability": "VCID-ajga-3b99-yugh" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-bdcq-z11u-zyh5" }, { "vulnerability": "VCID-bmqt-5ybj-kuf6" }, { "vulnerability": "VCID-c3vp-kc9a-vkhn" }, { "vulnerability": "VCID-cdgj-bdpy-ukak" }, { "vulnerability": "VCID-eddc-w9wx-c3gq" }, { "vulnerability": "VCID-enkd-4y44-4ueq" }, { "vulnerability": "VCID-ete7-tupf-63c9" }, { "vulnerability": "VCID-fpb7-5pwu-tyg5" }, { "vulnerability": "VCID-fyxa-vzeq-ubeq" }, { "vulnerability": "VCID-g3kz-796v-4qf1" }, { "vulnerability": "VCID-j9tk-b3hv-q3c1" }, { "vulnerability": "VCID-kak1-btjp-kqgz" }, { "vulnerability": "VCID-kdyk-rrrr-pufw" }, { "vulnerability": "VCID-kh99-kpkt-pqdq" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-kxa8-dmva-ayff" }, { "vulnerability": "VCID-p2kq-rkh6-ayeu" }, { "vulnerability": "VCID-pq29-qe7h-tkcp" }, { "vulnerability": "VCID-qm38-1cwk-b3hq" }, { "vulnerability": "VCID-tc2y-zrea-vyb2" }, { "vulnerability": "VCID-tm1s-2m92-uyh9" }, { "vulnerability": "VCID-tzmx-hfk2-7ufr" }, { "vulnerability": "VCID-u49v-31sv-eqc3" }, { "vulnerability": "VCID-v116-gayp-mbfu" }, { "vulnerability": "VCID-yuer-yn1w-q3gw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1" } ], "aliases": [ "SS-2017-001" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ya8k-c5s5-47gx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17627?format=api", "vulnerability_id": "VCID-yuer-yn1w-q3gw", "summary": "Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload\n### Impact\nA bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.\n\nThe server-side sanitisation logic has been updated to sanitise against this type of attack.\n\n### References\n- https://www.silverstripe.org/download/security-releases/cve-2024-32981", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.7749", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77542", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77545", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.7756", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77534", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77524", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77495", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.77515", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32981" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32981", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32981" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-32981", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-32981" }, { "reference_url": "https://github.com/advisories/GHSA-chx7-9x8h-r5mg", "reference_id": "GHSA-chx7-9x8h-r5mg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-chx7-9x8h-r5mg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57580?format=api", "purl": "pkg:composer/silverstripe/framework@5.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6epx-c68d-d7bv" }, { "vulnerability": "VCID-a3yc-fxa1-gfhy" }, { "vulnerability": "VCID-axxx-gpfn-mqc9" }, { "vulnerability": "VCID-kvhv-9fj5-7kgk" }, { "vulnerability": "VCID-kw9p-5fbc-hudg" }, { "vulnerability": "VCID-qjgf-hxng-j3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16" } ], "aliases": [ "CVE-2024-32981", "GHSA-chx7-9x8h-r5mg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yuer-yn1w-q3gw" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.3" }