Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/silverstripe/framework@3.5.0
Typecomposer
Namespacesilverstripe
Nameframework
Version3.5.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.3.23
Latest_non_vulnerable_version6.0.0-alpha1
Affected_by_vulnerabilities
0
url VCID-2f9j-ek3x-kbc5
vulnerability_id VCID-2f9j-ek3x-kbc5
summary 
Silverstripe CMS XSS Vulnerability
In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9311
reference_id
reference_type
scores
0
value 0.00343
scoring_system epss
scoring_elements 0.56934
published_at 2026-04-13T12:55:00Z
1
value 0.00343
scoring_system epss
scoring_elements 0.56823
published_at 2026-04-01T12:55:00Z
2
value 0.00343
scoring_system epss
scoring_elements 0.56917
published_at 2026-04-02T12:55:00Z
3
value 0.00343
scoring_system epss
scoring_elements 0.56939
published_at 2026-04-04T12:55:00Z
4
value 0.00343
scoring_system epss
scoring_elements 0.56914
published_at 2026-04-07T12:55:00Z
5
value 0.00343
scoring_system epss
scoring_elements 0.56966
published_at 2026-04-08T12:55:00Z
6
value 0.00343
scoring_system epss
scoring_elements 0.56969
published_at 2026-04-09T12:55:00Z
7
value 0.00343
scoring_system epss
scoring_elements 0.56977
published_at 2026-04-11T12:55:00Z
8
value 0.00343
scoring_system epss
scoring_elements 0.56957
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9311
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml
2
reference_url https://github.com/silverstripe/silverstripe-cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-cms
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9311
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9311
4
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-9311
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2020-9311
5
reference_url https://www.silverstripe.org/download/security-releases/CVE-2020-9311
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2020-9311
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-9311/
reference_id CVE-2020-9311
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2020-9311/
7
reference_url https://github.com/advisories/GHSA-2pw2-qpcp-m47x
reference_id GHSA-2pw2-qpcp-m47x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2pw2-qpcp-m47x
fixed_packages
0
url pkg:composer/silverstripe/framework@3.7.5
purl pkg:composer/silverstripe/framework@3.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-enkd-4y44-4ueq
11
vulnerability VCID-kak1-btjp-kqgz
12
vulnerability VCID-kvhv-9fj5-7kgk
13
vulnerability VCID-kw9p-5fbc-hudg
14
vulnerability VCID-kxa8-dmva-ayff
15
vulnerability VCID-qm38-1cwk-b3hq
16
vulnerability VCID-tc2y-zrea-vyb2
17
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5
aliases CVE-2020-9311, GHSA-2pw2-qpcp-m47x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2f9j-ek3x-kbc5
1
url VCID-2rbk-47h6-d7d8
vulnerability_id VCID-2rbk-47h6-d7d8
summary Business Logic Errors in GitHub repository silverstripe/silverstripe-framework
references
0
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
1
reference_url https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2
2
reference_url https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0227
reference_id CVE-2022-0227
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0227
4
reference_url https://github.com/advisories/GHSA-32m2-9f76-4gv8
reference_id GHSA-32m2-9f76-4gv8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-32m2-9f76-4gv8
fixed_packages
0
url pkg:composer/silverstripe/framework@4.10.1
purl pkg:composer/silverstripe/framework@4.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-4x32-t75c-u3bj
2
vulnerability VCID-5pkg-j4wg-7fcn
3
vulnerability VCID-6epx-c68d-d7bv
4
vulnerability VCID-86yd-4mkt-hydr
5
vulnerability VCID-a3yc-fxa1-gfhy
6
vulnerability VCID-axxx-gpfn-mqc9
7
vulnerability VCID-cfgg-fgjt-z3hn
8
vulnerability VCID-d5q3-jrdb-euav
9
vulnerability VCID-ftdr-uzuh-8ybc
10
vulnerability VCID-kak1-btjp-kqgz
11
vulnerability VCID-kd3t-2gzd-q3hq
12
vulnerability VCID-kgm4-g26x-gken
13
vulnerability VCID-kvhv-9fj5-7kgk
14
vulnerability VCID-kw9p-5fbc-hudg
15
vulnerability VCID-kxa8-dmva-ayff
16
vulnerability VCID-qjgf-hxng-j3g9
17
vulnerability VCID-qm38-1cwk-b3hq
18
vulnerability VCID-ua49-snhx-dqa4
19
vulnerability VCID-w4fh-cpaq-nqat
20
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.1
aliases CVE-2022-0227, GHSA-32m2-9f76-4gv8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2rbk-47h6-d7d8
2
url VCID-3ydp-barm-5ya1
vulnerability_id VCID-3ydp-barm-5ya1
summary 
silverstripe/framework has Cross-site Scripting vulnerability in page history comparison
Authenticated user with page edit permission can craft HTML, which when rendered in a page history comparison can execute client scripts.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-004-1.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-004-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/2b72c0f73b668ddf7c059319da915a6c08652278
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/2b72c0f73b668ddf7c059319da915a6c08652278
3
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-004
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-004
4
reference_url https://github.com/advisories/GHSA-c4c3-j73v-634r
reference_id GHSA-c4c3-j73v-634r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c4c3-j73v-634r
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.4
purl pkg:composer/silverstripe/framework@3.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-71cx-seqr-3fh5
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c3vp-kc9a-vkhn
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-eddc-w9wx-c3gq
18
vulnerability VCID-enkd-4y44-4ueq
19
vulnerability VCID-fpb7-5pwu-tyg5
20
vulnerability VCID-fyxa-vzeq-ubeq
21
vulnerability VCID-g3kz-796v-4qf1
22
vulnerability VCID-j9tk-b3hv-q3c1
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kdyk-rrrr-pufw
25
vulnerability VCID-kh99-kpkt-pqdq
26
vulnerability VCID-kvhv-9fj5-7kgk
27
vulnerability VCID-kw9p-5fbc-hudg
28
vulnerability VCID-kxa8-dmva-ayff
29
vulnerability VCID-p2kq-rkh6-ayeu
30
vulnerability VCID-pq29-qe7h-tkcp
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-tm1s-2m92-uyh9
34
vulnerability VCID-u49v-31sv-eqc3
35
vulnerability VCID-v116-gayp-mbfu
36
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.4
aliases GHSA-c4c3-j73v-634r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ydp-barm-5ya1
3
url VCID-414d-7bfm-kud7
vulnerability_id VCID-414d-7bfm-kud7
summary 
Incorrect Authorization
Default SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28661
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.38047
published_at 2026-04-07T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.38062
published_at 2026-04-13T12:55:00Z
2
value 0.00169
scoring_system epss
scoring_elements 0.38086
published_at 2026-04-12T12:55:00Z
3
value 0.00169
scoring_system epss
scoring_elements 0.38123
published_at 2026-04-11T12:55:00Z
4
value 0.00169
scoring_system epss
scoring_elements 0.38105
published_at 2026-04-09T12:55:00Z
5
value 0.00169
scoring_system epss
scoring_elements 0.37972
published_at 2026-04-01T12:55:00Z
6
value 0.00169
scoring_system epss
scoring_elements 0.38154
published_at 2026-04-02T12:55:00Z
7
value 0.00169
scoring_system epss
scoring_elements 0.38176
published_at 2026-04-04T12:55:00Z
8
value 0.00169
scoring_system epss
scoring_elements 0.38097
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28661
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml
2
reference_url https://github.com/silverstripe/silverstripe-graphql
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql
3
reference_url https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed
4
reference_url https://github.com/silverstripe/silverstripe-graphql/releases
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/releases
5
reference_url https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28661
reference_id CVE-2021-28661
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28661
7
reference_url https://www.silverstripe.org/download/security-releases/CVE-2021-28661
reference_id CVE-2021-28661
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2021-28661
8
reference_url https://github.com/advisories/GHSA-r7rh-g777-g5gx
reference_id GHSA-r7rh-g777-g5gx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r7rh-g777-g5gx
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.2
purl pkg:composer/silverstripe/framework@3.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3ydp-barm-5ya1
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-71cx-seqr-3fh5
9
vulnerability VCID-7dk3-gcup-2kc9
10
vulnerability VCID-86yd-4mkt-hydr
11
vulnerability VCID-a3yc-fxa1-gfhy
12
vulnerability VCID-ab5z-bqka-xudb
13
vulnerability VCID-ajga-3b99-yugh
14
vulnerability VCID-axxx-gpfn-mqc9
15
vulnerability VCID-bdcq-z11u-zyh5
16
vulnerability VCID-c3vp-kc9a-vkhn
17
vulnerability VCID-cdgj-bdpy-ukak
18
vulnerability VCID-eddc-w9wx-c3gq
19
vulnerability VCID-enkd-4y44-4ueq
20
vulnerability VCID-ete7-tupf-63c9
21
vulnerability VCID-fpb7-5pwu-tyg5
22
vulnerability VCID-fyxa-vzeq-ubeq
23
vulnerability VCID-g3kz-796v-4qf1
24
vulnerability VCID-j9tk-b3hv-q3c1
25
vulnerability VCID-kak1-btjp-kqgz
26
vulnerability VCID-kdyk-rrrr-pufw
27
vulnerability VCID-kh99-kpkt-pqdq
28
vulnerability VCID-kvhv-9fj5-7kgk
29
vulnerability VCID-kw9p-5fbc-hudg
30
vulnerability VCID-kxa8-dmva-ayff
31
vulnerability VCID-p2kq-rkh6-ayeu
32
vulnerability VCID-pq29-qe7h-tkcp
33
vulnerability VCID-qm38-1cwk-b3hq
34
vulnerability VCID-tc2y-zrea-vyb2
35
vulnerability VCID-tm1s-2m92-uyh9
36
vulnerability VCID-tzmx-hfk2-7ufr
37
vulnerability VCID-u49v-31sv-eqc3
38
vulnerability VCID-v116-gayp-mbfu
39
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2
aliases CVE-2021-28661, GHSA-r7rh-g777-g5gx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-414d-7bfm-kud7
4
url VCID-4f9c-aun4-wfep
vulnerability_id VCID-4f9c-aun4-wfep
summary 
Missing Authorization
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22728
reference_id
reference_type
scores
0
value 0.00457
scoring_system epss
scoring_elements 0.63885
published_at 2026-04-02T12:55:00Z
1
value 0.00457
scoring_system epss
scoring_elements 0.63903
published_at 2026-04-13T12:55:00Z
2
value 0.00457
scoring_system epss
scoring_elements 0.63936
published_at 2026-04-12T12:55:00Z
3
value 0.00457
scoring_system epss
scoring_elements 0.63949
published_at 2026-04-11T12:55:00Z
4
value 0.00457
scoring_system epss
scoring_elements 0.63937
published_at 2026-04-09T12:55:00Z
5
value 0.00457
scoring_system epss
scoring_elements 0.63919
published_at 2026-04-08T12:55:00Z
6
value 0.00457
scoring_system epss
scoring_elements 0.63869
published_at 2026-04-07T12:55:00Z
7
value 0.00457
scoring_system epss
scoring_elements 0.63911
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22728
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/
url https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58
4
reference_url https://www.silverstripe.org/download/security-releases/cve-2023-22728
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2023-22728
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22728
reference_id CVE-2023-22728
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22728
6
reference_url https://github.com/advisories/GHSA-jh3w-6jp2-vqqm
reference_id GHSA-jh3w-6jp2-vqqm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jh3w-6jp2-vqqm
7
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm
reference_id GHSA-jh3w-6jp2-vqqm
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm
fixed_packages
0
url pkg:composer/silverstripe/framework@4.12.5
purl pkg:composer/silverstripe/framework@4.12.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5pkg-j4wg-7fcn
1
vulnerability VCID-6epx-c68d-d7bv
2
vulnerability VCID-86yd-4mkt-hydr
3
vulnerability VCID-a3yc-fxa1-gfhy
4
vulnerability VCID-axxx-gpfn-mqc9
5
vulnerability VCID-kak1-btjp-kqgz
6
vulnerability VCID-kvhv-9fj5-7kgk
7
vulnerability VCID-kw9p-5fbc-hudg
8
vulnerability VCID-qjgf-hxng-j3g9
9
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5
aliases CVE-2023-22728, GHSA-jh3w-6jp2-vqqm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9c-aun4-wfep
5
url VCID-4x32-t75c-u3bj
vulnerability_id VCID-4x32-t75c-u3bj
summary 
Silverstipe CMS Stored XSS in custom meta tags
A malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut.
This requires CMS access to exploit.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-37421
reference_id
reference_type
scores
0
value 0.00322
scoring_system epss
scoring_elements 0.55233
published_at 2026-04-13T12:55:00Z
1
value 0.00322
scoring_system epss
scoring_elements 0.55208
published_at 2026-04-02T12:55:00Z
2
value 0.00322
scoring_system epss
scoring_elements 0.55232
published_at 2026-04-04T12:55:00Z
3
value 0.00322
scoring_system epss
scoring_elements 0.5521
published_at 2026-04-07T12:55:00Z
4
value 0.00322
scoring_system epss
scoring_elements 0.55259
published_at 2026-04-08T12:55:00Z
5
value 0.00322
scoring_system epss
scoring_elements 0.5526
published_at 2026-04-09T12:55:00Z
6
value 0.00322
scoring_system epss
scoring_elements 0.55272
published_at 2026-04-11T12:55:00Z
7
value 0.00322
scoring_system epss
scoring_elements 0.55251
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-37421
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-37421
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-37421
4
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/
url https://www.silverstripe.org/blog/tag/release
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2022-37421
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2022-37421
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2022-37421
reference_id CVE-2022-37421
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/
url https://www.silverstripe.org/download/security-releases/CVE-2022-37421
9
reference_url https://github.com/advisories/GHSA-pp74-g2q5-j4jf
reference_id GHSA-pp74-g2q5-j4jf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pp74-g2q5-j4jf
fixed_packages
0
url pkg:composer/silverstripe/framework@4.11.3
purl pkg:composer/silverstripe/framework@4.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-5pkg-j4wg-7fcn
2
vulnerability VCID-6epx-c68d-d7bv
3
vulnerability VCID-86yd-4mkt-hydr
4
vulnerability VCID-a3yc-fxa1-gfhy
5
vulnerability VCID-axxx-gpfn-mqc9
6
vulnerability VCID-cfgg-fgjt-z3hn
7
vulnerability VCID-d5q3-jrdb-euav
8
vulnerability VCID-ftdr-uzuh-8ybc
9
vulnerability VCID-kak1-btjp-kqgz
10
vulnerability VCID-kgm4-g26x-gken
11
vulnerability VCID-kvhv-9fj5-7kgk
12
vulnerability VCID-kw9p-5fbc-hudg
13
vulnerability VCID-qjgf-hxng-j3g9
14
vulnerability VCID-qm38-1cwk-b3hq
15
vulnerability VCID-ua49-snhx-dqa4
16
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.3
aliases CVE-2022-37421, GHSA-pp74-g2q5-j4jf, GMS-2022-6855
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4x32-t75c-u3bj
6
url VCID-5pkg-j4wg-7fcn
vulnerability_id VCID-5pkg-j4wg-7fcn
summary 
Improper Input Validation
Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml
1
reference_url https://github.com/github/advisory-database/pull/2575
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/2575
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4
4
reference_url https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14
5
reference_url https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13
6
reference_url https://www.silverstripe.org/download/security-releases/CVE-2023-32302
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2023-32302
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32302
reference_id CVE-2023-32302
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32302
8
reference_url https://github.com/advisories/GHSA-36xx-7vf6-7mv3
reference_id GHSA-36xx-7vf6-7mv3
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-36xx-7vf6-7mv3
9
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3
reference_id GHSA-36xx-7vf6-7mv3
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3
fixed_packages
0
url pkg:composer/silverstripe/framework@4.13.14
purl pkg:composer/silverstripe/framework@4.13.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6epx-c68d-d7bv
1
vulnerability VCID-86yd-4mkt-hydr
2
vulnerability VCID-a3yc-fxa1-gfhy
3
vulnerability VCID-axxx-gpfn-mqc9
4
vulnerability VCID-kak1-btjp-kqgz
5
vulnerability VCID-kvhv-9fj5-7kgk
6
vulnerability VCID-kw9p-5fbc-hudg
7
vulnerability VCID-qjgf-hxng-j3g9
8
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.14
1
url pkg:composer/silverstripe/framework@5.0.13
purl pkg:composer/silverstripe/framework@5.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6epx-c68d-d7bv
1
vulnerability VCID-86yd-4mkt-hydr
2
vulnerability VCID-a3yc-fxa1-gfhy
3
vulnerability VCID-axxx-gpfn-mqc9
4
vulnerability VCID-kak1-btjp-kqgz
5
vulnerability VCID-kvhv-9fj5-7kgk
6
vulnerability VCID-kw9p-5fbc-hudg
7
vulnerability VCID-qjgf-hxng-j3g9
8
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.0.13
aliases CVE-2023-32302, GHSA-36xx-7vf6-7mv3
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5pkg-j4wg-7fcn
7
url VCID-6du5-hdvd-fueb
vulnerability_id VCID-6du5-hdvd-fueb
summary 
Session fixation in change password form
SilverStripe through 4.3.3 allows session fixation in the "change password" form.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12203
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.16985
published_at 2026-04-02T12:55:00Z
1
value 0.00054
scoring_system epss
scoring_elements 0.16838
published_at 2026-04-13T12:55:00Z
2
value 0.00054
scoring_system epss
scoring_elements 0.16897
published_at 2026-04-12T12:55:00Z
3
value 0.00054
scoring_system epss
scoring_elements 0.16943
published_at 2026-04-11T12:55:00Z
4
value 0.00054
scoring_system epss
scoring_elements 0.16817
published_at 2026-04-01T12:55:00Z
5
value 0.00054
scoring_system epss
scoring_elements 0.16969
published_at 2026-04-09T12:55:00Z
6
value 0.00054
scoring_system epss
scoring_elements 0.16911
published_at 2026-04-08T12:55:00Z
7
value 0.00054
scoring_system epss
scoring_elements 0.16823
published_at 2026-04-07T12:55:00Z
8
value 0.00054
scoring_system epss
scoring_elements 0.1704
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12203
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml
3
reference_url https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12203
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv2
scoring_elements AV:L/AC:H/Au:N/C:P/I:P/A:P
1
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12203
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12203
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12203
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12203
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12203
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
10
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12203/
reference_id CVE-2019-12203
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-12203/
11
reference_url https://github.com/advisories/GHSA-w7r7-r8r9-vrg2
reference_id GHSA-w7r7-r8r9-vrg2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w7r7-r8r9-vrg2
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.8
purl pkg:composer/silverstripe/framework@3.6.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-eddc-w9wx-c3gq
15
vulnerability VCID-enkd-4y44-4ueq
16
vulnerability VCID-fpb7-5pwu-tyg5
17
vulnerability VCID-fyxa-vzeq-ubeq
18
vulnerability VCID-kak1-btjp-kqgz
19
vulnerability VCID-kvhv-9fj5-7kgk
20
vulnerability VCID-kw9p-5fbc-hudg
21
vulnerability VCID-kxa8-dmva-ayff
22
vulnerability VCID-pffp-vtk7-pqby
23
vulnerability VCID-pq29-qe7h-tkcp
24
vulnerability VCID-qm38-1cwk-b3hq
25
vulnerability VCID-tc2y-zrea-vyb2
26
vulnerability VCID-tm1s-2m92-uyh9
27
vulnerability VCID-u49v-31sv-eqc3
28
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8
1
url pkg:composer/silverstripe/framework@3.7.4
purl pkg:composer/silverstripe/framework@3.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-eddc-w9wx-c3gq
15
vulnerability VCID-enkd-4y44-4ueq
16
vulnerability VCID-fpb7-5pwu-tyg5
17
vulnerability VCID-fyxa-vzeq-ubeq
18
vulnerability VCID-kak1-btjp-kqgz
19
vulnerability VCID-kvhv-9fj5-7kgk
20
vulnerability VCID-kw9p-5fbc-hudg
21
vulnerability VCID-kxa8-dmva-ayff
22
vulnerability VCID-pq29-qe7h-tkcp
23
vulnerability VCID-qm38-1cwk-b3hq
24
vulnerability VCID-tc2y-zrea-vyb2
25
vulnerability VCID-tm1s-2m92-uyh9
26
vulnerability VCID-u49v-31sv-eqc3
27
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4
2
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-dc9y-v257-6bhf
13
vulnerability VCID-enkd-4y44-4ueq
14
vulnerability VCID-ftdr-uzuh-8ybc
15
vulnerability VCID-fyxa-vzeq-ubeq
16
vulnerability VCID-gme6-wj87-ekfw
17
vulnerability VCID-kak1-btjp-kqgz
18
vulnerability VCID-kd3t-2gzd-q3hq
19
vulnerability VCID-kgm4-g26x-gken
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-m8w1-g9h9-vuce
24
vulnerability VCID-qjgf-hxng-j3g9
25
vulnerability VCID-qm38-1cwk-b3hq
26
vulnerability VCID-tc2y-zrea-vyb2
27
vulnerability VCID-ua49-snhx-dqa4
28
vulnerability VCID-w4fh-cpaq-nqat
29
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
3
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-dc9y-v257-6bhf
13
vulnerability VCID-enkd-4y44-4ueq
14
vulnerability VCID-ftdr-uzuh-8ybc
15
vulnerability VCID-fyxa-vzeq-ubeq
16
vulnerability VCID-gme6-wj87-ekfw
17
vulnerability VCID-kak1-btjp-kqgz
18
vulnerability VCID-kd3t-2gzd-q3hq
19
vulnerability VCID-kgm4-g26x-gken
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-qjgf-hxng-j3g9
24
vulnerability VCID-qm38-1cwk-b3hq
25
vulnerability VCID-tc2y-zrea-vyb2
26
vulnerability VCID-ua49-snhx-dqa4
27
vulnerability VCID-w4fh-cpaq-nqat
28
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
4
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-dc9y-v257-6bhf
13
vulnerability VCID-enkd-4y44-4ueq
14
vulnerability VCID-ftdr-uzuh-8ybc
15
vulnerability VCID-fyxa-vzeq-ubeq
16
vulnerability VCID-gme6-wj87-ekfw
17
vulnerability VCID-kak1-btjp-kqgz
18
vulnerability VCID-kd3t-2gzd-q3hq
19
vulnerability VCID-kgm4-g26x-gken
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-qjgf-hxng-j3g9
24
vulnerability VCID-qm38-1cwk-b3hq
25
vulnerability VCID-tc2y-zrea-vyb2
26
vulnerability VCID-ua49-snhx-dqa4
27
vulnerability VCID-w4fh-cpaq-nqat
28
vulnerability VCID-xw77-b18v-8kc4
29
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12203, GHSA-w7r7-r8r9-vrg2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6du5-hdvd-fueb
8
url VCID-6epx-c68d-d7bv
vulnerability_id VCID-6epx-c68d-d7bv
summary 
Silverstripe Framework has a XSS in form messages
In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message.

Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability.

### References

- https://www.silverstripe.org/download/security-releases/cve-2024-53277

## Reported by

Leo Diamat from [Bastion Security Group](http://www.bastionsecurity.co.nz/)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53277
reference_id
reference_type
scores
0
value 0.01074
scoring_system epss
scoring_elements 0.77739
published_at 2026-04-04T12:55:00Z
1
value 0.01074
scoring_system epss
scoring_elements 0.77755
published_at 2026-04-09T12:55:00Z
2
value 0.01074
scoring_system epss
scoring_elements 0.7775
published_at 2026-04-08T12:55:00Z
3
value 0.01074
scoring_system epss
scoring_elements 0.77722
published_at 2026-04-07T12:55:00Z
4
value 0.01074
scoring_system epss
scoring_elements 0.77712
published_at 2026-04-02T12:55:00Z
5
value 0.01074
scoring_system epss
scoring_elements 0.77765
published_at 2026-04-13T12:55:00Z
6
value 0.01074
scoring_system epss
scoring_elements 0.77781
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53277
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/
url https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00
4
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53277
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53277
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2024-53277
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/
url https://www.silverstripe.org/download/security-releases/cve-2024-53277
7
reference_url https://github.com/advisories/GHSA-ff6q-3c9c-6cf5
reference_id GHSA-ff6q-3c9c-6cf5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ff6q-3c9c-6cf5
fixed_packages
0
url pkg:composer/silverstripe/framework@5.3.8
purl pkg:composer/silverstripe/framework@5.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3yc-fxa1-gfhy
1
vulnerability VCID-qjgf-hxng-j3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8
1
url pkg:composer/silverstripe/framework@6.0.0-alpha1
purl pkg:composer/silverstripe/framework@6.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1
aliases CVE-2024-53277, GHSA-ff6q-3c9c-6cf5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6epx-c68d-d7bv
9
url VCID-71cx-seqr-3fh5
vulnerability_id VCID-71cx-seqr-3fh5
summary 
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt
All user login attempts are logged in the database in the LoginAttempt table. However, this table contains information in plain text, and may possible contain sensitive information, such as user passwords mis-typed into the username field.

In order to address this a one-way hash is applied to the Email field before being stored.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-009-1.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-009-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/3e2bcaa0b49277ff7f7004b265a7fa80d0b92e5c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/3e2bcaa0b49277ff7f7004b265a7fa80d0b92e5c
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/c5d6eb816d4ac5e9fa3d8bc4bd82de95719eb22d
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/c5d6eb816d4ac5e9fa3d8bc4bd82de95719eb22d
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/f1dd3d6f03eb1d94c29c495994a1da9176a758d9
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/f1dd3d6f03eb1d94c29c495994a1da9176a758d9
5
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-009
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-009
6
reference_url https://github.com/advisories/GHSA-ph62-fv59-vf9h
reference_id GHSA-ph62-fv59-vf9h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ph62-fv59-vf9h
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.6
purl pkg:composer/silverstripe/framework@3.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-eddc-w9wx-c3gq
15
vulnerability VCID-enkd-4y44-4ueq
16
vulnerability VCID-fpb7-5pwu-tyg5
17
vulnerability VCID-fyxa-vzeq-ubeq
18
vulnerability VCID-kak1-btjp-kqgz
19
vulnerability VCID-kvhv-9fj5-7kgk
20
vulnerability VCID-kw9p-5fbc-hudg
21
vulnerability VCID-kxa8-dmva-ayff
22
vulnerability VCID-p2kq-rkh6-ayeu
23
vulnerability VCID-pffp-vtk7-pqby
24
vulnerability VCID-pq29-qe7h-tkcp
25
vulnerability VCID-qm38-1cwk-b3hq
26
vulnerability VCID-tc2y-zrea-vyb2
27
vulnerability VCID-tm1s-2m92-uyh9
28
vulnerability VCID-u49v-31sv-eqc3
29
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6
1
url pkg:composer/silverstripe/framework@3.6.3
purl pkg:composer/silverstripe/framework@3.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-eddc-w9wx-c3gq
15
vulnerability VCID-enkd-4y44-4ueq
16
vulnerability VCID-ff5q-59gf-nugg
17
vulnerability VCID-fpb7-5pwu-tyg5
18
vulnerability VCID-fyxa-vzeq-ubeq
19
vulnerability VCID-kak1-btjp-kqgz
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-p2kq-rkh6-ayeu
24
vulnerability VCID-pffp-vtk7-pqby
25
vulnerability VCID-pq29-qe7h-tkcp
26
vulnerability VCID-qm38-1cwk-b3hq
27
vulnerability VCID-tc2y-zrea-vyb2
28
vulnerability VCID-tm1s-2m92-uyh9
29
vulnerability VCID-u49v-31sv-eqc3
30
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3
2
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nes-cr3m-j3dv
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-c75p-3hdz-q3b6
14
vulnerability VCID-cdgj-bdpy-ukak
15
vulnerability VCID-cfgg-fgjt-z3hn
16
vulnerability VCID-d5q3-jrdb-euav
17
vulnerability VCID-dc9y-v257-6bhf
18
vulnerability VCID-enkd-4y44-4ueq
19
vulnerability VCID-ff5q-59gf-nugg
20
vulnerability VCID-fpb7-5pwu-tyg5
21
vulnerability VCID-ftdr-uzuh-8ybc
22
vulnerability VCID-fyxa-vzeq-ubeq
23
vulnerability VCID-gme6-wj87-ekfw
24
vulnerability VCID-jx5m-bqc6-h3bv
25
vulnerability VCID-kak1-btjp-kqgz
26
vulnerability VCID-kd3t-2gzd-q3hq
27
vulnerability VCID-kgm4-g26x-gken
28
vulnerability VCID-kvhv-9fj5-7kgk
29
vulnerability VCID-kw9p-5fbc-hudg
30
vulnerability VCID-kxa8-dmva-ayff
31
vulnerability VCID-kxyq-vg6e-6uac
32
vulnerability VCID-m8w1-g9h9-vuce
33
vulnerability VCID-p2kq-rkh6-ayeu
34
vulnerability VCID-p554-wkxw-gfdh
35
vulnerability VCID-pq29-qe7h-tkcp
36
vulnerability VCID-qak9-2t7g-w3fv
37
vulnerability VCID-qjgf-hxng-j3g9
38
vulnerability VCID-qm38-1cwk-b3hq
39
vulnerability VCID-tc2y-zrea-vyb2
40
vulnerability VCID-u49v-31sv-eqc3
41
vulnerability VCID-ua49-snhx-dqa4
42
vulnerability VCID-w4fh-cpaq-nqat
43
vulnerability VCID-xnb4-zjws-vuhu
44
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
aliases GHSA-ph62-fv59-vf9h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71cx-seqr-3fh5
10
url VCID-7dk3-gcup-2kc9
vulnerability_id VCID-7dk3-gcup-2kc9
summary 
SilverStripe XXE Vulnerability in CSSContentParser
SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. (The correct CVE ID year is 2020 [CVE-2020-25817, not CVE-2021-25817]).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25817
reference_id
reference_type
scores
0
value 0.00348
scoring_system epss
scoring_elements 0.57361
published_at 2026-04-07T12:55:00Z
1
value 0.00348
scoring_system epss
scoring_elements 0.57362
published_at 2026-04-02T12:55:00Z
2
value 0.00348
scoring_system epss
scoring_elements 0.57391
published_at 2026-04-13T12:55:00Z
3
value 0.00348
scoring_system epss
scoring_elements 0.57409
published_at 2026-04-12T12:55:00Z
4
value 0.00348
scoring_system epss
scoring_elements 0.5743
published_at 2026-04-11T12:55:00Z
5
value 0.00348
scoring_system epss
scoring_elements 0.57415
published_at 2026-04-09T12:55:00Z
6
value 0.00348
scoring_system epss
scoring_elements 0.5728
published_at 2026-04-01T12:55:00Z
7
value 0.00348
scoring_system epss
scoring_elements 0.57385
published_at 2026-04-04T12:55:00Z
8
value 0.00348
scoring_system epss
scoring_elements 0.57413
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25817
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25817
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25817
4
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2021-25817
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2021-25817
8
reference_url https://github.com/advisories/GHSA-3vjc-5x79-m9r8
reference_id GHSA-3vjc-5x79-m9r8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3vjc-5x79-m9r8
fixed_packages
0
url pkg:composer/silverstripe/framework@4.6.0
purl pkg:composer/silverstripe/framework@4.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-86yd-4mkt-hydr
6
vulnerability VCID-a3yc-fxa1-gfhy
7
vulnerability VCID-axxx-gpfn-mqc9
8
vulnerability VCID-cfgg-fgjt-z3hn
9
vulnerability VCID-d5q3-jrdb-euav
10
vulnerability VCID-ftdr-uzuh-8ybc
11
vulnerability VCID-kak1-btjp-kqgz
12
vulnerability VCID-kd3t-2gzd-q3hq
13
vulnerability VCID-kgm4-g26x-gken
14
vulnerability VCID-kvhv-9fj5-7kgk
15
vulnerability VCID-kw9p-5fbc-hudg
16
vulnerability VCID-kxa8-dmva-ayff
17
vulnerability VCID-qjgf-hxng-j3g9
18
vulnerability VCID-qm38-1cwk-b3hq
19
vulnerability VCID-tc2y-zrea-vyb2
20
vulnerability VCID-ua49-snhx-dqa4
21
vulnerability VCID-w4fh-cpaq-nqat
22
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0
1
url pkg:composer/silverstripe/framework@4.7.4
purl pkg:composer/silverstripe/framework@4.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-86yd-4mkt-hydr
6
vulnerability VCID-a3yc-fxa1-gfhy
7
vulnerability VCID-axxx-gpfn-mqc9
8
vulnerability VCID-cfgg-fgjt-z3hn
9
vulnerability VCID-d5q3-jrdb-euav
10
vulnerability VCID-ftdr-uzuh-8ybc
11
vulnerability VCID-kak1-btjp-kqgz
12
vulnerability VCID-kd3t-2gzd-q3hq
13
vulnerability VCID-kgm4-g26x-gken
14
vulnerability VCID-kvhv-9fj5-7kgk
15
vulnerability VCID-kw9p-5fbc-hudg
16
vulnerability VCID-kxa8-dmva-ayff
17
vulnerability VCID-qjgf-hxng-j3g9
18
vulnerability VCID-qm38-1cwk-b3hq
19
vulnerability VCID-tc2y-zrea-vyb2
20
vulnerability VCID-ua49-snhx-dqa4
21
vulnerability VCID-w4fh-cpaq-nqat
22
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4
aliases CVE-2020-25817, GHSA-3vjc-5x79-m9r8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7dk3-gcup-2kc9
11
url VCID-86yd-4mkt-hydr
vulnerability_id VCID-86yd-4mkt-hydr
summary 
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
### Impact
If a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user.

**Base CVSS:** [4.3](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C&version=3.1)
**Reported by:** Nick K - LittleMonkey, [littlemonkey.co.nz](http://littlemonkey.co.nz/)

### References
- https://www.silverstripe.org/download/security-releases/CVE-2023-48714
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-48714
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45378
published_at 2026-04-09T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45371
published_at 2026-04-13T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.45369
published_at 2026-04-12T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.454
published_at 2026-04-11T12:55:00Z
4
value 0.00226
scoring_system epss
scoring_elements 0.45359
published_at 2026-04-02T12:55:00Z
5
value 0.00226
scoring_system epss
scoring_elements 0.45379
published_at 2026-04-04T12:55:00Z
6
value 0.00226
scoring_system epss
scoring_elements 0.45323
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-48714
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-48714
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-48714
5
reference_url https://www.silverstripe.org/download/security-releases/CVE-2023-48714
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/
url https://www.silverstripe.org/download/security-releases/CVE-2023-48714
6
reference_url https://github.com/advisories/GHSA-qm2j-qvq3-j29v
reference_id GHSA-qm2j-qvq3-j29v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qm2j-qvq3-j29v
fixed_packages
0
url pkg:composer/silverstripe/framework@4.13.39
purl pkg:composer/silverstripe/framework@4.13.39
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6epx-c68d-d7bv
1
vulnerability VCID-a3yc-fxa1-gfhy
2
vulnerability VCID-axxx-gpfn-mqc9
3
vulnerability VCID-kak1-btjp-kqgz
4
vulnerability VCID-kvhv-9fj5-7kgk
5
vulnerability VCID-kw9p-5fbc-hudg
6
vulnerability VCID-qjgf-hxng-j3g9
7
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.39
1
url pkg:composer/silverstripe/framework@5.1.11
purl pkg:composer/silverstripe/framework@5.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6epx-c68d-d7bv
1
vulnerability VCID-a3yc-fxa1-gfhy
2
vulnerability VCID-axxx-gpfn-mqc9
3
vulnerability VCID-kak1-btjp-kqgz
4
vulnerability VCID-kvhv-9fj5-7kgk
5
vulnerability VCID-kw9p-5fbc-hudg
6
vulnerability VCID-qjgf-hxng-j3g9
7
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.1.11
aliases CVE-2023-48714, GHSA-qm2j-qvq3-j29v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86yd-4mkt-hydr
12
url VCID-a3yc-fxa1-gfhy
vulnerability_id VCID-a3yc-fxa1-gfhy
summary 
Silverstripe Framework has a XSS vulnerability in HTML editor
### Impact

A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.

The server-side sanitisation logic has been updated to sanitise against this attack.

### Reported by

James Nicoll from Fujitsu Cyber

### References

- https://www.silverstripe.org/download/security-releases/cve-2025-30148
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-30148
reference_id
reference_type
scores
0
value 0.00167
scoring_system epss
scoring_elements 0.37948
published_at 2026-04-02T12:55:00Z
1
value 0.00167
scoring_system epss
scoring_elements 0.37914
published_at 2026-04-09T12:55:00Z
2
value 0.00167
scoring_system epss
scoring_elements 0.37901
published_at 2026-04-08T12:55:00Z
3
value 0.00167
scoring_system epss
scoring_elements 0.37851
published_at 2026-04-07T12:55:00Z
4
value 0.00167
scoring_system epss
scoring_elements 0.37974
published_at 2026-04-04T12:55:00Z
5
value 0.00167
scoring_system epss
scoring_elements 0.37868
published_at 2026-04-13T12:55:00Z
6
value 0.00167
scoring_system epss
scoring_elements 0.37893
published_at 2026-04-12T12:55:00Z
7
value 0.00167
scoring_system epss
scoring_elements 0.37929
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-30148
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/
url https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358
4
reference_url https://github.com/silverstripe/silverstripe-framework/pull/11682
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/pull/11682
5
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-30148
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-30148
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2025-30148
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/
url https://www.silverstripe.org/download/security-releases/cve-2025-30148
8
reference_url https://github.com/advisories/GHSA-rhx4-hvx9-j387
reference_id GHSA-rhx4-hvx9-j387
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rhx4-hvx9-j387
fixed_packages
0
url pkg:composer/silverstripe/framework@5.3.23
purl pkg:composer/silverstripe/framework@5.3.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.23
aliases CVE-2025-30148, GHSA-rhx4-hvx9-j387
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a3yc-fxa1-gfhy
13
url VCID-ab5z-bqka-xudb
vulnerability_id VCID-ab5z-bqka-xudb
summary 
Injection Vulnerability
In the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18049
reference_id
reference_type
scores
0
value 0.00212
scoring_system epss
scoring_elements 0.43713
published_at 2026-04-13T12:55:00Z
1
value 0.00212
scoring_system epss
scoring_elements 0.43675
published_at 2026-04-01T12:55:00Z
2
value 0.00212
scoring_system epss
scoring_elements 0.43731
published_at 2026-04-02T12:55:00Z
3
value 0.00212
scoring_system epss
scoring_elements 0.43755
published_at 2026-04-04T12:55:00Z
4
value 0.00212
scoring_system epss
scoring_elements 0.43689
published_at 2026-04-07T12:55:00Z
5
value 0.00212
scoring_system epss
scoring_elements 0.43739
published_at 2026-04-08T12:55:00Z
6
value 0.00212
scoring_system epss
scoring_elements 0.43743
published_at 2026-04-09T12:55:00Z
7
value 0.00212
scoring_system epss
scoring_elements 0.43762
published_at 2026-04-11T12:55:00Z
8
value 0.00212
scoring_system epss
scoring_elements 0.4373
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18049
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://www.exploit-db.com/exploits/43396
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/43396
3
reference_url https://www.exploit-db.com/exploits/43396/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/43396/
4
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-007
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-007
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-18049
reference_id CVE-2017-18049
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-18049
6
reference_url https://github.com/advisories/GHSA-2jvj-mhf2-g99w
reference_id GHSA-2jvj-mhf2-g99w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2jvj-mhf2-g99w
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.6-rc1
purl pkg:composer/silverstripe/framework@3.5.6-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-71cx-seqr-3fh5
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ajga-3b99-yugh
12
vulnerability VCID-axxx-gpfn-mqc9
13
vulnerability VCID-bdcq-z11u-zyh5
14
vulnerability VCID-cdgj-bdpy-ukak
15
vulnerability VCID-eddc-w9wx-c3gq
16
vulnerability VCID-enkd-4y44-4ueq
17
vulnerability VCID-fpb7-5pwu-tyg5
18
vulnerability VCID-fyxa-vzeq-ubeq
19
vulnerability VCID-g3kz-796v-4qf1
20
vulnerability VCID-kak1-btjp-kqgz
21
vulnerability VCID-kh99-kpkt-pqdq
22
vulnerability VCID-kvhv-9fj5-7kgk
23
vulnerability VCID-kw9p-5fbc-hudg
24
vulnerability VCID-kxa8-dmva-ayff
25
vulnerability VCID-p2kq-rkh6-ayeu
26
vulnerability VCID-pffp-vtk7-pqby
27
vulnerability VCID-pq29-qe7h-tkcp
28
vulnerability VCID-qm38-1cwk-b3hq
29
vulnerability VCID-tc2y-zrea-vyb2
30
vulnerability VCID-tm1s-2m92-uyh9
31
vulnerability VCID-u49v-31sv-eqc3
32
vulnerability VCID-v116-gayp-mbfu
33
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1
1
url pkg:composer/silverstripe/framework@3.5.6
purl pkg:composer/silverstripe/framework@3.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-eddc-w9wx-c3gq
15
vulnerability VCID-enkd-4y44-4ueq
16
vulnerability VCID-fpb7-5pwu-tyg5
17
vulnerability VCID-fyxa-vzeq-ubeq
18
vulnerability VCID-kak1-btjp-kqgz
19
vulnerability VCID-kvhv-9fj5-7kgk
20
vulnerability VCID-kw9p-5fbc-hudg
21
vulnerability VCID-kxa8-dmva-ayff
22
vulnerability VCID-p2kq-rkh6-ayeu
23
vulnerability VCID-pffp-vtk7-pqby
24
vulnerability VCID-pq29-qe7h-tkcp
25
vulnerability VCID-qm38-1cwk-b3hq
26
vulnerability VCID-tc2y-zrea-vyb2
27
vulnerability VCID-tm1s-2m92-uyh9
28
vulnerability VCID-u49v-31sv-eqc3
29
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6
2
url pkg:composer/silverstripe/framework@3.6.3-rc2
purl pkg:composer/silverstripe/framework@3.6.3-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-71cx-seqr-3fh5
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ajga-3b99-yugh
12
vulnerability VCID-axxx-gpfn-mqc9
13
vulnerability VCID-bdcq-z11u-zyh5
14
vulnerability VCID-cdgj-bdpy-ukak
15
vulnerability VCID-eddc-w9wx-c3gq
16
vulnerability VCID-enkd-4y44-4ueq
17
vulnerability VCID-ff5q-59gf-nugg
18
vulnerability VCID-fpb7-5pwu-tyg5
19
vulnerability VCID-fyxa-vzeq-ubeq
20
vulnerability VCID-g3kz-796v-4qf1
21
vulnerability VCID-kak1-btjp-kqgz
22
vulnerability VCID-kh99-kpkt-pqdq
23
vulnerability VCID-kvhv-9fj5-7kgk
24
vulnerability VCID-kw9p-5fbc-hudg
25
vulnerability VCID-kxa8-dmva-ayff
26
vulnerability VCID-p2kq-rkh6-ayeu
27
vulnerability VCID-pffp-vtk7-pqby
28
vulnerability VCID-pq29-qe7h-tkcp
29
vulnerability VCID-qm38-1cwk-b3hq
30
vulnerability VCID-tc2y-zrea-vyb2
31
vulnerability VCID-tm1s-2m92-uyh9
32
vulnerability VCID-u49v-31sv-eqc3
33
vulnerability VCID-v116-gayp-mbfu
34
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2
3
url pkg:composer/silverstripe/framework@3.6.3
purl pkg:composer/silverstripe/framework@3.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-eddc-w9wx-c3gq
15
vulnerability VCID-enkd-4y44-4ueq
16
vulnerability VCID-ff5q-59gf-nugg
17
vulnerability VCID-fpb7-5pwu-tyg5
18
vulnerability VCID-fyxa-vzeq-ubeq
19
vulnerability VCID-kak1-btjp-kqgz
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-p2kq-rkh6-ayeu
24
vulnerability VCID-pffp-vtk7-pqby
25
vulnerability VCID-pq29-qe7h-tkcp
26
vulnerability VCID-qm38-1cwk-b3hq
27
vulnerability VCID-tc2y-zrea-vyb2
28
vulnerability VCID-tm1s-2m92-uyh9
29
vulnerability VCID-u49v-31sv-eqc3
30
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3
4
url pkg:composer/silverstripe/framework@4.0.1-rc1
purl pkg:composer/silverstripe/framework@4.0.1-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nes-cr3m-j3dv
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-6xwk-ee7f-5ubd
8
vulnerability VCID-71cx-seqr-3fh5
9
vulnerability VCID-7dk3-gcup-2kc9
10
vulnerability VCID-86yd-4mkt-hydr
11
vulnerability VCID-a3yc-fxa1-gfhy
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c75p-3hdz-q3b6
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-cfgg-fgjt-z3hn
18
vulnerability VCID-d5q3-jrdb-euav
19
vulnerability VCID-dc9y-v257-6bhf
20
vulnerability VCID-enkd-4y44-4ueq
21
vulnerability VCID-ff5q-59gf-nugg
22
vulnerability VCID-fpb7-5pwu-tyg5
23
vulnerability VCID-ftdr-uzuh-8ybc
24
vulnerability VCID-fyxa-vzeq-ubeq
25
vulnerability VCID-g3kz-796v-4qf1
26
vulnerability VCID-gme6-wj87-ekfw
27
vulnerability VCID-jx5m-bqc6-h3bv
28
vulnerability VCID-kak1-btjp-kqgz
29
vulnerability VCID-kd3t-2gzd-q3hq
30
vulnerability VCID-kgm4-g26x-gken
31
vulnerability VCID-kvhv-9fj5-7kgk
32
vulnerability VCID-kw9p-5fbc-hudg
33
vulnerability VCID-kxa8-dmva-ayff
34
vulnerability VCID-kxyq-vg6e-6uac
35
vulnerability VCID-m8w1-g9h9-vuce
36
vulnerability VCID-p2kq-rkh6-ayeu
37
vulnerability VCID-p554-wkxw-gfdh
38
vulnerability VCID-pq29-qe7h-tkcp
39
vulnerability VCID-qak9-2t7g-w3fv
40
vulnerability VCID-qjgf-hxng-j3g9
41
vulnerability VCID-qm38-1cwk-b3hq
42
vulnerability VCID-tc2y-zrea-vyb2
43
vulnerability VCID-u49v-31sv-eqc3
44
vulnerability VCID-ua49-snhx-dqa4
45
vulnerability VCID-v116-gayp-mbfu
46
vulnerability VCID-w4fh-cpaq-nqat
47
vulnerability VCID-xnb4-zjws-vuhu
48
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1
5
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nes-cr3m-j3dv
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-c75p-3hdz-q3b6
14
vulnerability VCID-cdgj-bdpy-ukak
15
vulnerability VCID-cfgg-fgjt-z3hn
16
vulnerability VCID-d5q3-jrdb-euav
17
vulnerability VCID-dc9y-v257-6bhf
18
vulnerability VCID-enkd-4y44-4ueq
19
vulnerability VCID-ff5q-59gf-nugg
20
vulnerability VCID-fpb7-5pwu-tyg5
21
vulnerability VCID-ftdr-uzuh-8ybc
22
vulnerability VCID-fyxa-vzeq-ubeq
23
vulnerability VCID-gme6-wj87-ekfw
24
vulnerability VCID-jx5m-bqc6-h3bv
25
vulnerability VCID-kak1-btjp-kqgz
26
vulnerability VCID-kd3t-2gzd-q3hq
27
vulnerability VCID-kgm4-g26x-gken
28
vulnerability VCID-kvhv-9fj5-7kgk
29
vulnerability VCID-kw9p-5fbc-hudg
30
vulnerability VCID-kxa8-dmva-ayff
31
vulnerability VCID-kxyq-vg6e-6uac
32
vulnerability VCID-m8w1-g9h9-vuce
33
vulnerability VCID-p2kq-rkh6-ayeu
34
vulnerability VCID-p554-wkxw-gfdh
35
vulnerability VCID-pq29-qe7h-tkcp
36
vulnerability VCID-qak9-2t7g-w3fv
37
vulnerability VCID-qjgf-hxng-j3g9
38
vulnerability VCID-qm38-1cwk-b3hq
39
vulnerability VCID-tc2y-zrea-vyb2
40
vulnerability VCID-u49v-31sv-eqc3
41
vulnerability VCID-ua49-snhx-dqa4
42
vulnerability VCID-w4fh-cpaq-nqat
43
vulnerability VCID-xnb4-zjws-vuhu
44
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
aliases CVE-2017-18049, GHSA-2jvj-mhf2-g99w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ab5z-bqka-xudb
14
url VCID-ajga-3b99-yugh
vulnerability_id VCID-ajga-3b99-yugh
summary 
Authentication bypass in SilverStripe GraphQL
The GraphQL module accepts basic-auth as an authentication method by default. This can be used to bypass MFA authentication if the silverstripe/mfa module is installed, which is now a commonly installed module. A users password is still required though.

Basic-auth has been removed as a default authentication method. If desired, it can be re-enabled by adding it to the authenticators key of a schema, or on SilverStripe\Graphql\Auth\Handler
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26136
reference_id
reference_type
scores
0
value 0.00216
scoring_system epss
scoring_elements 0.44182
published_at 2026-04-02T12:55:00Z
1
value 0.00216
scoring_system epss
scoring_elements 0.44176
published_at 2026-04-13T12:55:00Z
2
value 0.00216
scoring_system epss
scoring_elements 0.44208
published_at 2026-04-11T12:55:00Z
3
value 0.00216
scoring_system epss
scoring_elements 0.44193
published_at 2026-04-09T12:55:00Z
4
value 0.00216
scoring_system epss
scoring_elements 0.44188
published_at 2026-04-08T12:55:00Z
5
value 0.00216
scoring_system epss
scoring_elements 0.44118
published_at 2026-04-01T12:55:00Z
6
value 0.00216
scoring_system epss
scoring_elements 0.44137
published_at 2026-04-07T12:55:00Z
7
value 0.00216
scoring_system epss
scoring_elements 0.44206
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26136
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26136
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26136
4
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-26136
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2020-26136
8
reference_url https://github.com/advisories/GHSA-mg2g-8pwj-r2j2
reference_id GHSA-mg2g-8pwj-r2j2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mg2g-8pwj-r2j2
fixed_packages
0
url pkg:composer/silverstripe/framework@4.6.0
purl pkg:composer/silverstripe/framework@4.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-86yd-4mkt-hydr
6
vulnerability VCID-a3yc-fxa1-gfhy
7
vulnerability VCID-axxx-gpfn-mqc9
8
vulnerability VCID-cfgg-fgjt-z3hn
9
vulnerability VCID-d5q3-jrdb-euav
10
vulnerability VCID-ftdr-uzuh-8ybc
11
vulnerability VCID-kak1-btjp-kqgz
12
vulnerability VCID-kd3t-2gzd-q3hq
13
vulnerability VCID-kgm4-g26x-gken
14
vulnerability VCID-kvhv-9fj5-7kgk
15
vulnerability VCID-kw9p-5fbc-hudg
16
vulnerability VCID-kxa8-dmva-ayff
17
vulnerability VCID-qjgf-hxng-j3g9
18
vulnerability VCID-qm38-1cwk-b3hq
19
vulnerability VCID-tc2y-zrea-vyb2
20
vulnerability VCID-ua49-snhx-dqa4
21
vulnerability VCID-w4fh-cpaq-nqat
22
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0
aliases CVE-2020-26136, GHSA-mg2g-8pwj-r2j2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ajga-3b99-yugh
15
url VCID-axxx-gpfn-mqc9
vulnerability_id VCID-axxx-gpfn-mqc9
summary 
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message
> [!IMPORTANT]
> This vulnerability only affects sites which are in the "dev" environment mode. If your production website is in "dev" mode, it has been misconfigured, and you should immediately swap it to "live" mode.
> See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.

If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.

## References

- https://www.silverstripe.org/download/security-releases/ss-2024-002

## Reported by

Gaurav Nayak from [Chaleit](https://chaleit.com/)
references
0
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
1
reference_url https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8
2
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q
3
reference_url https://www.silverstripe.org/download/security-releases/ss-2024-002
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2024-002
4
reference_url https://github.com/advisories/GHSA-mqf3-qpc3-g26q
reference_id GHSA-mqf3-qpc3-g26q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mqf3-qpc3-g26q
fixed_packages
0
url pkg:composer/silverstripe/framework@5.3.8
purl pkg:composer/silverstripe/framework@5.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3yc-fxa1-gfhy
1
vulnerability VCID-qjgf-hxng-j3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8
1
url pkg:composer/silverstripe/framework@6.0.0-alpha1
purl pkg:composer/silverstripe/framework@6.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1
aliases GHSA-mqf3-qpc3-g26q
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-axxx-gpfn-mqc9
16
url VCID-bdcq-z11u-zyh5
vulnerability_id VCID-bdcq-z11u-zyh5
summary 
Lack of access control on upoaded files
SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12245
reference_id
reference_type
scores
0
value 0.00255
scoring_system epss
scoring_elements 0.48744
published_at 2026-04-01T12:55:00Z
1
value 0.00255
scoring_system epss
scoring_elements 0.48814
published_at 2026-04-13T12:55:00Z
2
value 0.00255
scoring_system epss
scoring_elements 0.48806
published_at 2026-04-12T12:55:00Z
3
value 0.00255
scoring_system epss
scoring_elements 0.48832
published_at 2026-04-11T12:55:00Z
4
value 0.00255
scoring_system epss
scoring_elements 0.48815
published_at 2026-04-09T12:55:00Z
5
value 0.00255
scoring_system epss
scoring_elements 0.48818
published_at 2026-04-08T12:55:00Z
6
value 0.00255
scoring_system epss
scoring_elements 0.48763
published_at 2026-04-07T12:55:00Z
7
value 0.00255
scoring_system epss
scoring_elements 0.48809
published_at 2026-04-04T12:55:00Z
8
value 0.00255
scoring_system epss
scoring_elements 0.48783
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12245
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12245
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12245
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12245
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12245
7
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12245
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12245
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
9
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12245/
reference_id CVE-2019-12245
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-12245/
10
reference_url https://github.com/advisories/GHSA-jvx5-rm6q-gx7p
reference_id GHSA-jvx5-rm6q-gx7p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jvx5-rm6q-gx7p
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.8
purl pkg:composer/silverstripe/framework@3.6.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-eddc-w9wx-c3gq
15
vulnerability VCID-enkd-4y44-4ueq
16
vulnerability VCID-fpb7-5pwu-tyg5
17
vulnerability VCID-fyxa-vzeq-ubeq
18
vulnerability VCID-kak1-btjp-kqgz
19
vulnerability VCID-kvhv-9fj5-7kgk
20
vulnerability VCID-kw9p-5fbc-hudg
21
vulnerability VCID-kxa8-dmva-ayff
22
vulnerability VCID-pffp-vtk7-pqby
23
vulnerability VCID-pq29-qe7h-tkcp
24
vulnerability VCID-qm38-1cwk-b3hq
25
vulnerability VCID-tc2y-zrea-vyb2
26
vulnerability VCID-tm1s-2m92-uyh9
27
vulnerability VCID-u49v-31sv-eqc3
28
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8
1
url pkg:composer/silverstripe/framework@3.7.4
purl pkg:composer/silverstripe/framework@3.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-eddc-w9wx-c3gq
15
vulnerability VCID-enkd-4y44-4ueq
16
vulnerability VCID-fpb7-5pwu-tyg5
17
vulnerability VCID-fyxa-vzeq-ubeq
18
vulnerability VCID-kak1-btjp-kqgz
19
vulnerability VCID-kvhv-9fj5-7kgk
20
vulnerability VCID-kw9p-5fbc-hudg
21
vulnerability VCID-kxa8-dmva-ayff
22
vulnerability VCID-pq29-qe7h-tkcp
23
vulnerability VCID-qm38-1cwk-b3hq
24
vulnerability VCID-tc2y-zrea-vyb2
25
vulnerability VCID-tm1s-2m92-uyh9
26
vulnerability VCID-u49v-31sv-eqc3
27
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4
2
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-dc9y-v257-6bhf
13
vulnerability VCID-enkd-4y44-4ueq
14
vulnerability VCID-ftdr-uzuh-8ybc
15
vulnerability VCID-fyxa-vzeq-ubeq
16
vulnerability VCID-gme6-wj87-ekfw
17
vulnerability VCID-kak1-btjp-kqgz
18
vulnerability VCID-kd3t-2gzd-q3hq
19
vulnerability VCID-kgm4-g26x-gken
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-m8w1-g9h9-vuce
24
vulnerability VCID-qjgf-hxng-j3g9
25
vulnerability VCID-qm38-1cwk-b3hq
26
vulnerability VCID-tc2y-zrea-vyb2
27
vulnerability VCID-ua49-snhx-dqa4
28
vulnerability VCID-w4fh-cpaq-nqat
29
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
3
url pkg:composer/silverstripe/framework@4.3.6
purl pkg:composer/silverstripe/framework@4.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6
4
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-dc9y-v257-6bhf
13
vulnerability VCID-enkd-4y44-4ueq
14
vulnerability VCID-ftdr-uzuh-8ybc
15
vulnerability VCID-fyxa-vzeq-ubeq
16
vulnerability VCID-gme6-wj87-ekfw
17
vulnerability VCID-kak1-btjp-kqgz
18
vulnerability VCID-kd3t-2gzd-q3hq
19
vulnerability VCID-kgm4-g26x-gken
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-qjgf-hxng-j3g9
24
vulnerability VCID-qm38-1cwk-b3hq
25
vulnerability VCID-tc2y-zrea-vyb2
26
vulnerability VCID-ua49-snhx-dqa4
27
vulnerability VCID-w4fh-cpaq-nqat
28
vulnerability VCID-xw77-b18v-8kc4
29
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12245, GHSA-jvx5-rm6q-gx7p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bdcq-z11u-zyh5
17
url VCID-bmqt-5ybj-kuf6
vulnerability_id VCID-bmqt-5ybj-kuf6
summary 
silverstripe/framework has Cross-site Scripting vulnerability in page name
silverstripe/framework is vulnerable to XSS in Page name where the payload `"><svg/onload=alert(/xss/)>` will trigger an XSS alert.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-001-1.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-001-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/9574d627f95aca7ae0fcefcae2bf56215777e190
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/9574d627f95aca7ae0fcefcae2bf56215777e190
3
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-001
4
reference_url https://github.com/advisories/GHSA-hhvj-mcrx-3vcf
reference_id GHSA-hhvj-mcrx-3vcf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hhvj-mcrx-3vcf
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.2
purl pkg:composer/silverstripe/framework@3.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3ydp-barm-5ya1
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-71cx-seqr-3fh5
9
vulnerability VCID-7dk3-gcup-2kc9
10
vulnerability VCID-86yd-4mkt-hydr
11
vulnerability VCID-a3yc-fxa1-gfhy
12
vulnerability VCID-ab5z-bqka-xudb
13
vulnerability VCID-ajga-3b99-yugh
14
vulnerability VCID-axxx-gpfn-mqc9
15
vulnerability VCID-bdcq-z11u-zyh5
16
vulnerability VCID-c3vp-kc9a-vkhn
17
vulnerability VCID-cdgj-bdpy-ukak
18
vulnerability VCID-eddc-w9wx-c3gq
19
vulnerability VCID-enkd-4y44-4ueq
20
vulnerability VCID-ete7-tupf-63c9
21
vulnerability VCID-fpb7-5pwu-tyg5
22
vulnerability VCID-fyxa-vzeq-ubeq
23
vulnerability VCID-g3kz-796v-4qf1
24
vulnerability VCID-j9tk-b3hv-q3c1
25
vulnerability VCID-kak1-btjp-kqgz
26
vulnerability VCID-kdyk-rrrr-pufw
27
vulnerability VCID-kh99-kpkt-pqdq
28
vulnerability VCID-kvhv-9fj5-7kgk
29
vulnerability VCID-kw9p-5fbc-hudg
30
vulnerability VCID-kxa8-dmva-ayff
31
vulnerability VCID-p2kq-rkh6-ayeu
32
vulnerability VCID-pq29-qe7h-tkcp
33
vulnerability VCID-qm38-1cwk-b3hq
34
vulnerability VCID-tc2y-zrea-vyb2
35
vulnerability VCID-tm1s-2m92-uyh9
36
vulnerability VCID-tzmx-hfk2-7ufr
37
vulnerability VCID-u49v-31sv-eqc3
38
vulnerability VCID-v116-gayp-mbfu
39
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2
aliases GHSA-hhvj-mcrx-3vcf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bmqt-5ybj-kuf6
18
url VCID-c3vp-kc9a-vkhn
vulnerability_id VCID-c3vp-kc9a-vkhn
summary 
Cross-site Scripting
SilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname.
references
0
reference_url http://lists.openwall.net/full-disclosure/2017/09/14/2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openwall.net/full-disclosure/2017/09/14/2
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14498
reference_id
reference_type
scores
0
value 0.00375
scoring_system epss
scoring_elements 0.59159
published_at 2026-04-08T12:55:00Z
1
value 0.00375
scoring_system epss
scoring_elements 0.59154
published_at 2026-04-13T12:55:00Z
2
value 0.00375
scoring_system epss
scoring_elements 0.59047
published_at 2026-04-01T12:55:00Z
3
value 0.00375
scoring_system epss
scoring_elements 0.59173
published_at 2026-04-12T12:55:00Z
4
value 0.00375
scoring_system epss
scoring_elements 0.5919
published_at 2026-04-11T12:55:00Z
5
value 0.00375
scoring_system epss
scoring_elements 0.5912
published_at 2026-04-02T12:55:00Z
6
value 0.00375
scoring_system epss
scoring_elements 0.59143
published_at 2026-04-04T12:55:00Z
7
value 0.00375
scoring_system epss
scoring_elements 0.59108
published_at 2026-04-07T12:55:00Z
8
value 0.00375
scoring_system epss
scoring_elements 0.59172
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14498
2
reference_url https://docs.silverstripe.org/en/3/changelogs/3.6.1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.silverstripe.org/en/3/changelogs/3.6.1
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a
4
reference_url https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-14498
reference_id CVE-2017-14498
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-14498
7
reference_url https://github.com/advisories/GHSA-j696-6m57-mcrv
reference_id GHSA-j696-6m57-mcrv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j696-6m57-mcrv
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.1-alpha2
purl pkg:composer/silverstripe/framework@3.6.1-alpha2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-71cx-seqr-3fh5
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-cdgj-bdpy-ukak
16
vulnerability VCID-eddc-w9wx-c3gq
17
vulnerability VCID-enkd-4y44-4ueq
18
vulnerability VCID-ff5q-59gf-nugg
19
vulnerability VCID-fpb7-5pwu-tyg5
20
vulnerability VCID-fyxa-vzeq-ubeq
21
vulnerability VCID-g3kz-796v-4qf1
22
vulnerability VCID-j9tk-b3hv-q3c1
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kh99-kpkt-pqdq
25
vulnerability VCID-kvhv-9fj5-7kgk
26
vulnerability VCID-kw9p-5fbc-hudg
27
vulnerability VCID-kxa8-dmva-ayff
28
vulnerability VCID-p2kq-rkh6-ayeu
29
vulnerability VCID-pffp-vtk7-pqby
30
vulnerability VCID-pq29-qe7h-tkcp
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-tm1s-2m92-uyh9
34
vulnerability VCID-u49v-31sv-eqc3
35
vulnerability VCID-v116-gayp-mbfu
36
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2
1
url pkg:composer/silverstripe/framework@3.6.1
purl pkg:composer/silverstripe/framework@3.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-71cx-seqr-3fh5
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-cdgj-bdpy-ukak
16
vulnerability VCID-eddc-w9wx-c3gq
17
vulnerability VCID-enkd-4y44-4ueq
18
vulnerability VCID-ff5q-59gf-nugg
19
vulnerability VCID-fpb7-5pwu-tyg5
20
vulnerability VCID-fyxa-vzeq-ubeq
21
vulnerability VCID-g3kz-796v-4qf1
22
vulnerability VCID-j9tk-b3hv-q3c1
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kh99-kpkt-pqdq
25
vulnerability VCID-kvhv-9fj5-7kgk
26
vulnerability VCID-kw9p-5fbc-hudg
27
vulnerability VCID-kxa8-dmva-ayff
28
vulnerability VCID-p2kq-rkh6-ayeu
29
vulnerability VCID-pffp-vtk7-pqby
30
vulnerability VCID-pq29-qe7h-tkcp
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-tm1s-2m92-uyh9
34
vulnerability VCID-u49v-31sv-eqc3
35
vulnerability VCID-v116-gayp-mbfu
36
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1
aliases CVE-2017-14498, GHSA-j696-6m57-mcrv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c3vp-kc9a-vkhn
19
url VCID-cdgj-bdpy-ukak
vulnerability_id VCID-cdgj-bdpy-ukak
summary 
Cross-Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12437
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.42063
published_at 2026-04-01T12:55:00Z
1
value 0.002
scoring_system epss
scoring_elements 0.42112
published_at 2026-04-13T12:55:00Z
2
value 0.002
scoring_system epss
scoring_elements 0.42138
published_at 2026-04-12T12:55:00Z
3
value 0.002
scoring_system epss
scoring_elements 0.42175
published_at 2026-04-11T12:55:00Z
4
value 0.002
scoring_system epss
scoring_elements 0.42153
published_at 2026-04-09T12:55:00Z
5
value 0.002
scoring_system epss
scoring_elements 0.42142
published_at 2026-04-08T12:55:00Z
6
value 0.002
scoring_system epss
scoring_elements 0.42091
published_at 2026-04-07T12:55:00Z
7
value 0.002
scoring_system epss
scoring_elements 0.42152
published_at 2026-04-04T12:55:00Z
8
value 0.002
scoring_system epss
scoring_elements 0.42124
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12437
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml
3
reference_url https://github.com/silverstripe/silverstripe-graphql
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql
4
reference_url https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c
5
reference_url https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12437
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12437
7
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
url https://www.silverstripe.org/blog/tag/release
8
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
9
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12437
reference_id CVE-2019-12437
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12437
10
reference_url https://github.com/advisories/GHSA-fx37-56v6-85q6
reference_id GHSA-fx37-56v6-85q6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fx37-56v6-85q6
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-dc9y-v257-6bhf
13
vulnerability VCID-enkd-4y44-4ueq
14
vulnerability VCID-ftdr-uzuh-8ybc
15
vulnerability VCID-fyxa-vzeq-ubeq
16
vulnerability VCID-gme6-wj87-ekfw
17
vulnerability VCID-kak1-btjp-kqgz
18
vulnerability VCID-kd3t-2gzd-q3hq
19
vulnerability VCID-kgm4-g26x-gken
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-m8w1-g9h9-vuce
24
vulnerability VCID-qjgf-hxng-j3g9
25
vulnerability VCID-qm38-1cwk-b3hq
26
vulnerability VCID-tc2y-zrea-vyb2
27
vulnerability VCID-ua49-snhx-dqa4
28
vulnerability VCID-w4fh-cpaq-nqat
29
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
aliases CVE-2019-12437, GHSA-fx37-56v6-85q6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cdgj-bdpy-ukak
20
url VCID-eddc-w9wx-c3gq
vulnerability_id VCID-eddc-w9wx-c3gq
summary 
Broken access control on files
In SilverStripe assets 4.0, there is broken access control on files.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14273
reference_id
reference_type
scores
0
value 0.00336
scoring_system epss
scoring_elements 0.56436
published_at 2026-04-02T12:55:00Z
1
value 0.00336
scoring_system epss
scoring_elements 0.56462
published_at 2026-04-13T12:55:00Z
2
value 0.00336
scoring_system epss
scoring_elements 0.56481
published_at 2026-04-12T12:55:00Z
3
value 0.00336
scoring_system epss
scoring_elements 0.56506
published_at 2026-04-11T12:55:00Z
4
value 0.00336
scoring_system epss
scoring_elements 0.56495
published_at 2026-04-09T12:55:00Z
5
value 0.00336
scoring_system epss
scoring_elements 0.5649
published_at 2026-04-08T12:55:00Z
6
value 0.00336
scoring_system epss
scoring_elements 0.5644
published_at 2026-04-07T12:55:00Z
7
value 0.00336
scoring_system epss
scoring_elements 0.56458
published_at 2026-04-04T12:55:00Z
8
value 0.00336
scoring_system epss
scoring_elements 0.56338
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14273
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14273
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14273
5
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
6
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
7
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-14273
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-14273
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
10
reference_url https://github.com/advisories/GHSA-43jj-2rwc-2m3f
reference_id GHSA-43jj-2rwc-2m3f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43jj-2rwc-2m3f
fixed_packages
0
url pkg:composer/silverstripe/framework@4.0.1-rc1
purl pkg:composer/silverstripe/framework@4.0.1-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nes-cr3m-j3dv
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-6xwk-ee7f-5ubd
8
vulnerability VCID-71cx-seqr-3fh5
9
vulnerability VCID-7dk3-gcup-2kc9
10
vulnerability VCID-86yd-4mkt-hydr
11
vulnerability VCID-a3yc-fxa1-gfhy
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c75p-3hdz-q3b6
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-cfgg-fgjt-z3hn
18
vulnerability VCID-d5q3-jrdb-euav
19
vulnerability VCID-dc9y-v257-6bhf
20
vulnerability VCID-enkd-4y44-4ueq
21
vulnerability VCID-ff5q-59gf-nugg
22
vulnerability VCID-fpb7-5pwu-tyg5
23
vulnerability VCID-ftdr-uzuh-8ybc
24
vulnerability VCID-fyxa-vzeq-ubeq
25
vulnerability VCID-g3kz-796v-4qf1
26
vulnerability VCID-gme6-wj87-ekfw
27
vulnerability VCID-jx5m-bqc6-h3bv
28
vulnerability VCID-kak1-btjp-kqgz
29
vulnerability VCID-kd3t-2gzd-q3hq
30
vulnerability VCID-kgm4-g26x-gken
31
vulnerability VCID-kvhv-9fj5-7kgk
32
vulnerability VCID-kw9p-5fbc-hudg
33
vulnerability VCID-kxa8-dmva-ayff
34
vulnerability VCID-kxyq-vg6e-6uac
35
vulnerability VCID-m8w1-g9h9-vuce
36
vulnerability VCID-p2kq-rkh6-ayeu
37
vulnerability VCID-p554-wkxw-gfdh
38
vulnerability VCID-pq29-qe7h-tkcp
39
vulnerability VCID-qak9-2t7g-w3fv
40
vulnerability VCID-qjgf-hxng-j3g9
41
vulnerability VCID-qm38-1cwk-b3hq
42
vulnerability VCID-tc2y-zrea-vyb2
43
vulnerability VCID-u49v-31sv-eqc3
44
vulnerability VCID-ua49-snhx-dqa4
45
vulnerability VCID-v116-gayp-mbfu
46
vulnerability VCID-w4fh-cpaq-nqat
47
vulnerability VCID-xnb4-zjws-vuhu
48
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1
1
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nes-cr3m-j3dv
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-c75p-3hdz-q3b6
14
vulnerability VCID-cdgj-bdpy-ukak
15
vulnerability VCID-cfgg-fgjt-z3hn
16
vulnerability VCID-d5q3-jrdb-euav
17
vulnerability VCID-dc9y-v257-6bhf
18
vulnerability VCID-enkd-4y44-4ueq
19
vulnerability VCID-ff5q-59gf-nugg
20
vulnerability VCID-fpb7-5pwu-tyg5
21
vulnerability VCID-ftdr-uzuh-8ybc
22
vulnerability VCID-fyxa-vzeq-ubeq
23
vulnerability VCID-gme6-wj87-ekfw
24
vulnerability VCID-jx5m-bqc6-h3bv
25
vulnerability VCID-kak1-btjp-kqgz
26
vulnerability VCID-kd3t-2gzd-q3hq
27
vulnerability VCID-kgm4-g26x-gken
28
vulnerability VCID-kvhv-9fj5-7kgk
29
vulnerability VCID-kw9p-5fbc-hudg
30
vulnerability VCID-kxa8-dmva-ayff
31
vulnerability VCID-kxyq-vg6e-6uac
32
vulnerability VCID-m8w1-g9h9-vuce
33
vulnerability VCID-p2kq-rkh6-ayeu
34
vulnerability VCID-p554-wkxw-gfdh
35
vulnerability VCID-pq29-qe7h-tkcp
36
vulnerability VCID-qak9-2t7g-w3fv
37
vulnerability VCID-qjgf-hxng-j3g9
38
vulnerability VCID-qm38-1cwk-b3hq
39
vulnerability VCID-tc2y-zrea-vyb2
40
vulnerability VCID-u49v-31sv-eqc3
41
vulnerability VCID-ua49-snhx-dqa4
42
vulnerability VCID-w4fh-cpaq-nqat
43
vulnerability VCID-xnb4-zjws-vuhu
44
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
2
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-dc9y-v257-6bhf
13
vulnerability VCID-enkd-4y44-4ueq
14
vulnerability VCID-ftdr-uzuh-8ybc
15
vulnerability VCID-fyxa-vzeq-ubeq
16
vulnerability VCID-gme6-wj87-ekfw
17
vulnerability VCID-kak1-btjp-kqgz
18
vulnerability VCID-kd3t-2gzd-q3hq
19
vulnerability VCID-kgm4-g26x-gken
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-qjgf-hxng-j3g9
24
vulnerability VCID-qm38-1cwk-b3hq
25
vulnerability VCID-tc2y-zrea-vyb2
26
vulnerability VCID-ua49-snhx-dqa4
27
vulnerability VCID-w4fh-cpaq-nqat
28
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
3
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-dc9y-v257-6bhf
13
vulnerability VCID-enkd-4y44-4ueq
14
vulnerability VCID-ftdr-uzuh-8ybc
15
vulnerability VCID-fyxa-vzeq-ubeq
16
vulnerability VCID-gme6-wj87-ekfw
17
vulnerability VCID-kak1-btjp-kqgz
18
vulnerability VCID-kd3t-2gzd-q3hq
19
vulnerability VCID-kgm4-g26x-gken
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-qjgf-hxng-j3g9
24
vulnerability VCID-qm38-1cwk-b3hq
25
vulnerability VCID-tc2y-zrea-vyb2
26
vulnerability VCID-ua49-snhx-dqa4
27
vulnerability VCID-w4fh-cpaq-nqat
28
vulnerability VCID-xw77-b18v-8kc4
29
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-14273, GHSA-43jj-2rwc-2m3f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eddc-w9wx-c3gq
21
url VCID-enkd-4y44-4ueq
vulnerability_id VCID-enkd-4y44-4ueq
summary 
FormField with square brackets in field name skips validation
FileField with array notation skips validation

The FileField class is commonly used for file upload in custom code on a Silverstripe website. This field is designed to be used with a single file upload.

PHP allows for submitting multiple values by adding square brackets to the field name. When this is done to a FileField, it will be coerced into allowing multiple files by using this notation. This is not a supported feature, though nothing is done to prevent this.

In this scenario, validation such as limiting allowed extensions is not applied, and the FileField->saveInto() behaviour is not triggered. If custom controller logic is used to process the file uploads, it might implicitly rely on validation to be provided by the Form system, which is not the case.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26138
reference_id
reference_type
scores
0
value 0.00292
scoring_system epss
scoring_elements 0.52598
published_at 2026-04-13T12:55:00Z
1
value 0.00292
scoring_system epss
scoring_elements 0.52539
published_at 2026-04-02T12:55:00Z
2
value 0.00292
scoring_system epss
scoring_elements 0.52566
published_at 2026-04-04T12:55:00Z
3
value 0.00292
scoring_system epss
scoring_elements 0.52532
published_at 2026-04-07T12:55:00Z
4
value 0.00292
scoring_system epss
scoring_elements 0.52584
published_at 2026-04-08T12:55:00Z
5
value 0.00292
scoring_system epss
scoring_elements 0.52578
published_at 2026-04-09T12:55:00Z
6
value 0.00292
scoring_system epss
scoring_elements 0.52629
published_at 2026-04-11T12:55:00Z
7
value 0.00292
scoring_system epss
scoring_elements 0.52612
published_at 2026-04-12T12:55:00Z
8
value 0.00292
scoring_system epss
scoring_elements 0.52493
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26138
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26138
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26138
4
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
url https://www.silverstripe.org/blog/tag/release
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-26138
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2020-26138
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-26138/
reference_id CVE-2020-26138
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2020-26138/
8
reference_url https://github.com/advisories/GHSA-7mv4-4xpg-xq44
reference_id GHSA-7mv4-4xpg-xq44
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7mv4-4xpg-xq44
fixed_packages
0
url pkg:composer/silverstripe/framework@4.6.0
purl pkg:composer/silverstripe/framework@4.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-86yd-4mkt-hydr
6
vulnerability VCID-a3yc-fxa1-gfhy
7
vulnerability VCID-axxx-gpfn-mqc9
8
vulnerability VCID-cfgg-fgjt-z3hn
9
vulnerability VCID-d5q3-jrdb-euav
10
vulnerability VCID-ftdr-uzuh-8ybc
11
vulnerability VCID-kak1-btjp-kqgz
12
vulnerability VCID-kd3t-2gzd-q3hq
13
vulnerability VCID-kgm4-g26x-gken
14
vulnerability VCID-kvhv-9fj5-7kgk
15
vulnerability VCID-kw9p-5fbc-hudg
16
vulnerability VCID-kxa8-dmva-ayff
17
vulnerability VCID-qjgf-hxng-j3g9
18
vulnerability VCID-qm38-1cwk-b3hq
19
vulnerability VCID-tc2y-zrea-vyb2
20
vulnerability VCID-ua49-snhx-dqa4
21
vulnerability VCID-w4fh-cpaq-nqat
22
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0
1
url pkg:composer/silverstripe/framework@4.7.4
purl pkg:composer/silverstripe/framework@4.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-86yd-4mkt-hydr
6
vulnerability VCID-a3yc-fxa1-gfhy
7
vulnerability VCID-axxx-gpfn-mqc9
8
vulnerability VCID-cfgg-fgjt-z3hn
9
vulnerability VCID-d5q3-jrdb-euav
10
vulnerability VCID-ftdr-uzuh-8ybc
11
vulnerability VCID-kak1-btjp-kqgz
12
vulnerability VCID-kd3t-2gzd-q3hq
13
vulnerability VCID-kgm4-g26x-gken
14
vulnerability VCID-kvhv-9fj5-7kgk
15
vulnerability VCID-kw9p-5fbc-hudg
16
vulnerability VCID-kxa8-dmva-ayff
17
vulnerability VCID-qjgf-hxng-j3g9
18
vulnerability VCID-qm38-1cwk-b3hq
19
vulnerability VCID-tc2y-zrea-vyb2
20
vulnerability VCID-ua49-snhx-dqa4
21
vulnerability VCID-w4fh-cpaq-nqat
22
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4
aliases CVE-2020-26138, GHSA-7mv4-4xpg-xq44
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-enkd-4y44-4ueq
22
url VCID-ete7-tupf-63c9
vulnerability_id VCID-ete7-tupf-63c9
summary 
silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage
RedirectorPage will allow users to specify a non-url malicious script as the redirection path without validation. Users which follow this url may allow this script to execute within their browser.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-003-1.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-003-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-003
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-003
3
reference_url https://github.com/advisories/GHSA-pp7q-6j3f-74vj
reference_id GHSA-pp7q-6j3f-74vj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pp7q-6j3f-74vj
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.4
purl pkg:composer/silverstripe/framework@3.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-71cx-seqr-3fh5
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c3vp-kc9a-vkhn
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-eddc-w9wx-c3gq
18
vulnerability VCID-enkd-4y44-4ueq
19
vulnerability VCID-fpb7-5pwu-tyg5
20
vulnerability VCID-fyxa-vzeq-ubeq
21
vulnerability VCID-g3kz-796v-4qf1
22
vulnerability VCID-j9tk-b3hv-q3c1
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kdyk-rrrr-pufw
25
vulnerability VCID-kh99-kpkt-pqdq
26
vulnerability VCID-kvhv-9fj5-7kgk
27
vulnerability VCID-kw9p-5fbc-hudg
28
vulnerability VCID-kxa8-dmva-ayff
29
vulnerability VCID-p2kq-rkh6-ayeu
30
vulnerability VCID-pq29-qe7h-tkcp
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-tm1s-2m92-uyh9
34
vulnerability VCID-u49v-31sv-eqc3
35
vulnerability VCID-v116-gayp-mbfu
36
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.4
aliases GHSA-pp7q-6j3f-74vj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ete7-tupf-63c9
23
url VCID-fpb7-5pwu-tyg5
vulnerability_id VCID-fpb7-5pwu-tyg5
summary 
SilverStripe Priviledge escalation through cache pollution
In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12617
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.5359
published_at 2026-04-01T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.53674
published_at 2026-04-13T12:55:00Z
2
value 0.00304
scoring_system epss
scoring_elements 0.53708
published_at 2026-04-11T12:55:00Z
3
value 0.00304
scoring_system epss
scoring_elements 0.53659
published_at 2026-04-09T12:55:00Z
4
value 0.00304
scoring_system epss
scoring_elements 0.53661
published_at 2026-04-08T12:55:00Z
5
value 0.00304
scoring_system epss
scoring_elements 0.5361
published_at 2026-04-07T12:55:00Z
6
value 0.00304
scoring_system epss
scoring_elements 0.53642
published_at 2026-04-04T12:55:00Z
7
value 0.00304
scoring_system epss
scoring_elements 0.53614
published_at 2026-04-02T12:55:00Z
8
value 0.00304
scoring_system epss
scoring_elements 0.53691
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12617
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12617
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12617
4
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12617
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12617
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12617
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12617
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
10
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12617/
reference_id CVE-2019-12617
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-12617/
11
reference_url https://github.com/advisories/GHSA-6r58-4xgr-gm6m
reference_id GHSA-6r58-4xgr-gm6m
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6r58-4xgr-gm6m
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-dc9y-v257-6bhf
13
vulnerability VCID-enkd-4y44-4ueq
14
vulnerability VCID-ftdr-uzuh-8ybc
15
vulnerability VCID-fyxa-vzeq-ubeq
16
vulnerability VCID-gme6-wj87-ekfw
17
vulnerability VCID-kak1-btjp-kqgz
18
vulnerability VCID-kd3t-2gzd-q3hq
19
vulnerability VCID-kgm4-g26x-gken
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-m8w1-g9h9-vuce
24
vulnerability VCID-qjgf-hxng-j3g9
25
vulnerability VCID-qm38-1cwk-b3hq
26
vulnerability VCID-tc2y-zrea-vyb2
27
vulnerability VCID-ua49-snhx-dqa4
28
vulnerability VCID-w4fh-cpaq-nqat
29
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-dc9y-v257-6bhf
13
vulnerability VCID-enkd-4y44-4ueq
14
vulnerability VCID-ftdr-uzuh-8ybc
15
vulnerability VCID-fyxa-vzeq-ubeq
16
vulnerability VCID-gme6-wj87-ekfw
17
vulnerability VCID-kak1-btjp-kqgz
18
vulnerability VCID-kd3t-2gzd-q3hq
19
vulnerability VCID-kgm4-g26x-gken
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-qjgf-hxng-j3g9
24
vulnerability VCID-qm38-1cwk-b3hq
25
vulnerability VCID-tc2y-zrea-vyb2
26
vulnerability VCID-ua49-snhx-dqa4
27
vulnerability VCID-w4fh-cpaq-nqat
28
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
2
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-dc9y-v257-6bhf
13
vulnerability VCID-enkd-4y44-4ueq
14
vulnerability VCID-ftdr-uzuh-8ybc
15
vulnerability VCID-fyxa-vzeq-ubeq
16
vulnerability VCID-gme6-wj87-ekfw
17
vulnerability VCID-kak1-btjp-kqgz
18
vulnerability VCID-kd3t-2gzd-q3hq
19
vulnerability VCID-kgm4-g26x-gken
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-qjgf-hxng-j3g9
24
vulnerability VCID-qm38-1cwk-b3hq
25
vulnerability VCID-tc2y-zrea-vyb2
26
vulnerability VCID-ua49-snhx-dqa4
27
vulnerability VCID-w4fh-cpaq-nqat
28
vulnerability VCID-xw77-b18v-8kc4
29
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12617, GHSA-6r58-4xgr-gm6m
risk_score 1.8
exploitability 0.5
weighted_severity 3.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fpb7-5pwu-tyg5
24
url VCID-fyxa-vzeq-ubeq
vulnerability_id VCID-fyxa-vzeq-ubeq
summary 
SilverStripe Web Cache Poisoning through HTTPRequestBuilder
SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19326
reference_id
reference_type
scores
0
value 0.00209
scoring_system epss
scoring_elements 0.43357
published_at 2026-04-02T12:55:00Z
1
value 0.00209
scoring_system epss
scoring_elements 0.43362
published_at 2026-04-13T12:55:00Z
2
value 0.00209
scoring_system epss
scoring_elements 0.43377
published_at 2026-04-12T12:55:00Z
3
value 0.00209
scoring_system epss
scoring_elements 0.43409
published_at 2026-04-11T12:55:00Z
4
value 0.00209
scoring_system epss
scoring_elements 0.43389
published_at 2026-04-09T12:55:00Z
5
value 0.00209
scoring_system epss
scoring_elements 0.43374
published_at 2026-04-08T12:55:00Z
6
value 0.00209
scoring_system epss
scoring_elements 0.43322
published_at 2026-04-07T12:55:00Z
7
value 0.00209
scoring_system epss
scoring_elements 0.43384
published_at 2026-04-04T12:55:00Z
8
value 0.00209
scoring_system epss
scoring_elements 0.433
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19326
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a
5
reference_url https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19326
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19326
7
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-19326
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-19326
8
reference_url https://github.com/advisories/GHSA-q9ff-3q93-fm8m
reference_id GHSA-q9ff-3q93-fm8m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q9ff-3q93-fm8m
fixed_packages
0
url pkg:composer/silverstripe/framework@3.7.5
purl pkg:composer/silverstripe/framework@3.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-enkd-4y44-4ueq
11
vulnerability VCID-kak1-btjp-kqgz
12
vulnerability VCID-kvhv-9fj5-7kgk
13
vulnerability VCID-kw9p-5fbc-hudg
14
vulnerability VCID-kxa8-dmva-ayff
15
vulnerability VCID-qm38-1cwk-b3hq
16
vulnerability VCID-tc2y-zrea-vyb2
17
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5
1
url pkg:composer/silverstripe/framework@4.4.7
purl pkg:composer/silverstripe/framework@4.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-enkd-4y44-4ueq
13
vulnerability VCID-ftdr-uzuh-8ybc
14
vulnerability VCID-gme6-wj87-ekfw
15
vulnerability VCID-kak1-btjp-kqgz
16
vulnerability VCID-kd3t-2gzd-q3hq
17
vulnerability VCID-kgm4-g26x-gken
18
vulnerability VCID-kvhv-9fj5-7kgk
19
vulnerability VCID-kw9p-5fbc-hudg
20
vulnerability VCID-kxa8-dmva-ayff
21
vulnerability VCID-qjgf-hxng-j3g9
22
vulnerability VCID-qm38-1cwk-b3hq
23
vulnerability VCID-tc2y-zrea-vyb2
24
vulnerability VCID-ua49-snhx-dqa4
25
vulnerability VCID-w4fh-cpaq-nqat
26
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7
2
url pkg:composer/silverstripe/framework@4.5.4
purl pkg:composer/silverstripe/framework@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-enkd-4y44-4ueq
13
vulnerability VCID-ftdr-uzuh-8ybc
14
vulnerability VCID-kak1-btjp-kqgz
15
vulnerability VCID-kd3t-2gzd-q3hq
16
vulnerability VCID-kgm4-g26x-gken
17
vulnerability VCID-kvhv-9fj5-7kgk
18
vulnerability VCID-kw9p-5fbc-hudg
19
vulnerability VCID-kxa8-dmva-ayff
20
vulnerability VCID-qjgf-hxng-j3g9
21
vulnerability VCID-qm38-1cwk-b3hq
22
vulnerability VCID-tc2y-zrea-vyb2
23
vulnerability VCID-ua49-snhx-dqa4
24
vulnerability VCID-w4fh-cpaq-nqat
25
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4
aliases CVE-2019-19326, GHSA-q9ff-3q93-fm8m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fyxa-vzeq-ubeq
25
url VCID-g3kz-796v-4qf1
vulnerability_id VCID-g3kz-796v-4qf1
summary 
silverstripe/framework CSV Excel Macro Injection
In the CSV export feature of the CMS it's possible for the output to contain macros and scripts, which if imported without sanitisation into software (including Microsoft Excel) may be executed.

In order to safeguard against this threat all potentially executable cell values exported from CSV will be prepended with a literal tab character.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-007-1.yaml
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-007-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/55739fa5af6171594b2cb4f3621d5fcce5e887d4
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/55739fa5af6171594b2cb4f3621d5fcce5e887d4
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/cfe1d4f481bf53ea8da2b8608a563e207d923df9
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/cfe1d4f481bf53ea8da2b8608a563e207d923df9
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/dd4c5417e7592e29e698af428b72bdb9b6729797
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/dd4c5417e7592e29e698af428b72bdb9b6729797
5
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-007
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-007
6
reference_url https://github.com/advisories/GHSA-mqjc-x563-c9q8
reference_id GHSA-mqjc-x563-c9q8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mqjc-x563-c9q8
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.6
purl pkg:composer/silverstripe/framework@3.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-eddc-w9wx-c3gq
15
vulnerability VCID-enkd-4y44-4ueq
16
vulnerability VCID-fpb7-5pwu-tyg5
17
vulnerability VCID-fyxa-vzeq-ubeq
18
vulnerability VCID-kak1-btjp-kqgz
19
vulnerability VCID-kvhv-9fj5-7kgk
20
vulnerability VCID-kw9p-5fbc-hudg
21
vulnerability VCID-kxa8-dmva-ayff
22
vulnerability VCID-p2kq-rkh6-ayeu
23
vulnerability VCID-pffp-vtk7-pqby
24
vulnerability VCID-pq29-qe7h-tkcp
25
vulnerability VCID-qm38-1cwk-b3hq
26
vulnerability VCID-tc2y-zrea-vyb2
27
vulnerability VCID-tm1s-2m92-uyh9
28
vulnerability VCID-u49v-31sv-eqc3
29
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6
1
url pkg:composer/silverstripe/framework@3.6.3
purl pkg:composer/silverstripe/framework@3.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-eddc-w9wx-c3gq
15
vulnerability VCID-enkd-4y44-4ueq
16
vulnerability VCID-ff5q-59gf-nugg
17
vulnerability VCID-fpb7-5pwu-tyg5
18
vulnerability VCID-fyxa-vzeq-ubeq
19
vulnerability VCID-kak1-btjp-kqgz
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-p2kq-rkh6-ayeu
24
vulnerability VCID-pffp-vtk7-pqby
25
vulnerability VCID-pq29-qe7h-tkcp
26
vulnerability VCID-qm38-1cwk-b3hq
27
vulnerability VCID-tc2y-zrea-vyb2
28
vulnerability VCID-tm1s-2m92-uyh9
29
vulnerability VCID-u49v-31sv-eqc3
30
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3
2
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nes-cr3m-j3dv
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-c75p-3hdz-q3b6
14
vulnerability VCID-cdgj-bdpy-ukak
15
vulnerability VCID-cfgg-fgjt-z3hn
16
vulnerability VCID-d5q3-jrdb-euav
17
vulnerability VCID-dc9y-v257-6bhf
18
vulnerability VCID-enkd-4y44-4ueq
19
vulnerability VCID-ff5q-59gf-nugg
20
vulnerability VCID-fpb7-5pwu-tyg5
21
vulnerability VCID-ftdr-uzuh-8ybc
22
vulnerability VCID-fyxa-vzeq-ubeq
23
vulnerability VCID-gme6-wj87-ekfw
24
vulnerability VCID-jx5m-bqc6-h3bv
25
vulnerability VCID-kak1-btjp-kqgz
26
vulnerability VCID-kd3t-2gzd-q3hq
27
vulnerability VCID-kgm4-g26x-gken
28
vulnerability VCID-kvhv-9fj5-7kgk
29
vulnerability VCID-kw9p-5fbc-hudg
30
vulnerability VCID-kxa8-dmva-ayff
31
vulnerability VCID-kxyq-vg6e-6uac
32
vulnerability VCID-m8w1-g9h9-vuce
33
vulnerability VCID-p2kq-rkh6-ayeu
34
vulnerability VCID-p554-wkxw-gfdh
35
vulnerability VCID-pq29-qe7h-tkcp
36
vulnerability VCID-qak9-2t7g-w3fv
37
vulnerability VCID-qjgf-hxng-j3g9
38
vulnerability VCID-qm38-1cwk-b3hq
39
vulnerability VCID-tc2y-zrea-vyb2
40
vulnerability VCID-u49v-31sv-eqc3
41
vulnerability VCID-ua49-snhx-dqa4
42
vulnerability VCID-w4fh-cpaq-nqat
43
vulnerability VCID-xnb4-zjws-vuhu
44
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
aliases GHSA-mqjc-x563-c9q8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g3kz-796v-4qf1
26
url VCID-j6ze-f76y-cqgy
vulnerability_id VCID-j6ze-f76y-cqgy
summary 
Cross-site Scripting
There is an XSS in SilverStripe CMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-5197
reference_id
reference_type
scores
0
value 0.00265
scoring_system epss
scoring_elements 0.49955
published_at 2026-04-04T12:55:00Z
1
value 0.00265
scoring_system epss
scoring_elements 0.49941
published_at 2026-04-13T12:55:00Z
2
value 0.00265
scoring_system epss
scoring_elements 0.49943
published_at 2026-04-12T12:55:00Z
3
value 0.00265
scoring_system epss
scoring_elements 0.49972
published_at 2026-04-11T12:55:00Z
4
value 0.00265
scoring_system epss
scoring_elements 0.49953
published_at 2026-04-09T12:55:00Z
5
value 0.00265
scoring_system epss
scoring_elements 0.4996
published_at 2026-04-08T12:55:00Z
6
value 0.00265
scoring_system epss
scoring_elements 0.49891
published_at 2026-04-01T12:55:00Z
7
value 0.00265
scoring_system epss
scoring_elements 0.49928
published_at 2026-04-02T12:55:00Z
8
value 0.00265
scoring_system epss
scoring_elements 0.49905
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-5197
1
reference_url https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572
2
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
3
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
4
reference_url http://www.securityfocus.com/bid/96572
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96572
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5197
reference_id CVE-2017-5197
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-5197
6
reference_url https://github.com/advisories/GHSA-xmjh-wjc5-wg4h
reference_id GHSA-xmjh-wjc5-wg4h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xmjh-wjc5-wg4h
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.2-rc1
purl pkg:composer/silverstripe/framework@3.5.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3ydp-barm-5ya1
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-71cx-seqr-3fh5
10
vulnerability VCID-7dk3-gcup-2kc9
11
vulnerability VCID-86yd-4mkt-hydr
12
vulnerability VCID-a3yc-fxa1-gfhy
13
vulnerability VCID-ab5z-bqka-xudb
14
vulnerability VCID-ajga-3b99-yugh
15
vulnerability VCID-axxx-gpfn-mqc9
16
vulnerability VCID-bdcq-z11u-zyh5
17
vulnerability VCID-bmqt-5ybj-kuf6
18
vulnerability VCID-c3vp-kc9a-vkhn
19
vulnerability VCID-cdgj-bdpy-ukak
20
vulnerability VCID-eddc-w9wx-c3gq
21
vulnerability VCID-enkd-4y44-4ueq
22
vulnerability VCID-ete7-tupf-63c9
23
vulnerability VCID-fpb7-5pwu-tyg5
24
vulnerability VCID-fyxa-vzeq-ubeq
25
vulnerability VCID-g3kz-796v-4qf1
26
vulnerability VCID-j9tk-b3hv-q3c1
27
vulnerability VCID-kak1-btjp-kqgz
28
vulnerability VCID-kdyk-rrrr-pufw
29
vulnerability VCID-kh99-kpkt-pqdq
30
vulnerability VCID-kvhv-9fj5-7kgk
31
vulnerability VCID-kw9p-5fbc-hudg
32
vulnerability VCID-kxa8-dmva-ayff
33
vulnerability VCID-p2kq-rkh6-ayeu
34
vulnerability VCID-pq29-qe7h-tkcp
35
vulnerability VCID-qm38-1cwk-b3hq
36
vulnerability VCID-tc2y-zrea-vyb2
37
vulnerability VCID-tm1s-2m92-uyh9
38
vulnerability VCID-tzmx-hfk2-7ufr
39
vulnerability VCID-u49v-31sv-eqc3
40
vulnerability VCID-v116-gayp-mbfu
41
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1
1
url pkg:composer/silverstripe/framework@3.5.2
purl pkg:composer/silverstripe/framework@3.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3ydp-barm-5ya1
3
vulnerability VCID-4f9c-aun4-wfep
4
vulnerability VCID-4x32-t75c-u3bj
5
vulnerability VCID-5pkg-j4wg-7fcn
6
vulnerability VCID-6du5-hdvd-fueb
7
vulnerability VCID-6epx-c68d-d7bv
8
vulnerability VCID-71cx-seqr-3fh5
9
vulnerability VCID-7dk3-gcup-2kc9
10
vulnerability VCID-86yd-4mkt-hydr
11
vulnerability VCID-a3yc-fxa1-gfhy
12
vulnerability VCID-ab5z-bqka-xudb
13
vulnerability VCID-ajga-3b99-yugh
14
vulnerability VCID-axxx-gpfn-mqc9
15
vulnerability VCID-bdcq-z11u-zyh5
16
vulnerability VCID-c3vp-kc9a-vkhn
17
vulnerability VCID-cdgj-bdpy-ukak
18
vulnerability VCID-eddc-w9wx-c3gq
19
vulnerability VCID-enkd-4y44-4ueq
20
vulnerability VCID-ete7-tupf-63c9
21
vulnerability VCID-fpb7-5pwu-tyg5
22
vulnerability VCID-fyxa-vzeq-ubeq
23
vulnerability VCID-g3kz-796v-4qf1
24
vulnerability VCID-j9tk-b3hv-q3c1
25
vulnerability VCID-kak1-btjp-kqgz
26
vulnerability VCID-kdyk-rrrr-pufw
27
vulnerability VCID-kh99-kpkt-pqdq
28
vulnerability VCID-kvhv-9fj5-7kgk
29
vulnerability VCID-kw9p-5fbc-hudg
30
vulnerability VCID-kxa8-dmva-ayff
31
vulnerability VCID-p2kq-rkh6-ayeu
32
vulnerability VCID-pq29-qe7h-tkcp
33
vulnerability VCID-qm38-1cwk-b3hq
34
vulnerability VCID-tc2y-zrea-vyb2
35
vulnerability VCID-tm1s-2m92-uyh9
36
vulnerability VCID-tzmx-hfk2-7ufr
37
vulnerability VCID-u49v-31sv-eqc3
38
vulnerability VCID-v116-gayp-mbfu
39
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2
aliases CVE-2017-5197, GHSA-xmjh-wjc5-wg4h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6ze-f76y-cqgy
27
url VCID-j9tk-b3hv-q3c1
vulnerability_id VCID-j9tk-b3hv-q3c1
summary 
silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms
User enumeration is possible by performing a timing attack on the login or password reset pages with user credentials.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-005-1.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-005-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/f0262a8fd9ab5fb51b178ace3c3487351217f5a0
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/f0262a8fd9ab5fb51b178ace3c3487351217f5a0
3
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-005
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-005
4
reference_url https://github.com/advisories/GHSA-7m2v-x7rg-5hm5
reference_id GHSA-7m2v-x7rg-5hm5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7m2v-x7rg-5hm5
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.5
purl pkg:composer/silverstripe/framework@3.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-71cx-seqr-3fh5
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-cdgj-bdpy-ukak
16
vulnerability VCID-eddc-w9wx-c3gq
17
vulnerability VCID-enkd-4y44-4ueq
18
vulnerability VCID-fpb7-5pwu-tyg5
19
vulnerability VCID-fyxa-vzeq-ubeq
20
vulnerability VCID-g3kz-796v-4qf1
21
vulnerability VCID-kak1-btjp-kqgz
22
vulnerability VCID-kh99-kpkt-pqdq
23
vulnerability VCID-kvhv-9fj5-7kgk
24
vulnerability VCID-kw9p-5fbc-hudg
25
vulnerability VCID-kxa8-dmva-ayff
26
vulnerability VCID-p2kq-rkh6-ayeu
27
vulnerability VCID-pffp-vtk7-pqby
28
vulnerability VCID-pq29-qe7h-tkcp
29
vulnerability VCID-qm38-1cwk-b3hq
30
vulnerability VCID-tc2y-zrea-vyb2
31
vulnerability VCID-tm1s-2m92-uyh9
32
vulnerability VCID-u49v-31sv-eqc3
33
vulnerability VCID-v116-gayp-mbfu
34
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5
1
url pkg:composer/silverstripe/framework@3.6.2
purl pkg:composer/silverstripe/framework@3.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-71cx-seqr-3fh5
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-cdgj-bdpy-ukak
16
vulnerability VCID-eddc-w9wx-c3gq
17
vulnerability VCID-enkd-4y44-4ueq
18
vulnerability VCID-ff5q-59gf-nugg
19
vulnerability VCID-fpb7-5pwu-tyg5
20
vulnerability VCID-fyxa-vzeq-ubeq
21
vulnerability VCID-g3kz-796v-4qf1
22
vulnerability VCID-kak1-btjp-kqgz
23
vulnerability VCID-kh99-kpkt-pqdq
24
vulnerability VCID-kvhv-9fj5-7kgk
25
vulnerability VCID-kw9p-5fbc-hudg
26
vulnerability VCID-kxa8-dmva-ayff
27
vulnerability VCID-p2kq-rkh6-ayeu
28
vulnerability VCID-pffp-vtk7-pqby
29
vulnerability VCID-pq29-qe7h-tkcp
30
vulnerability VCID-qm38-1cwk-b3hq
31
vulnerability VCID-tc2y-zrea-vyb2
32
vulnerability VCID-tm1s-2m92-uyh9
33
vulnerability VCID-u49v-31sv-eqc3
34
vulnerability VCID-v116-gayp-mbfu
35
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.2
aliases GHSA-7m2v-x7rg-5hm5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j9tk-b3hv-q3c1
28
url VCID-kak1-btjp-kqgz
vulnerability_id VCID-kak1-btjp-kqgz
summary 
Silverstripe uses TinyMCE which allows svg files linked in object tags
### Impact
TinyMCE v6 has a configuration value `convert_unsafe_embeds` set to `false` which allows svg files containing javascript to be used in `<object>` or `<embed>` tags, which can be used as a vector for XSS attacks.

Note that `<embed>` tags are not allowed by default.

After patching the default value of `convert_unsafe_embeds` will be set to `true`. This means that `<object>` tags will be converted to iframes instead the next time the page is saved, which may break any pages that rely upon previously saved `<object>` tags. Developers can override this configuration if desired to revert to the original behaviour.

We reviewed the potential impact of this vulnerability within the context of Silverstripe CMS. We concluded this is a medium impact vulnerability given how TinyMCE is used by Silverstripe CMS.

### References:
- https://www.silverstripe.org/download/security-releases/ss-2024-001
- https://github.com/advisories/GHSA-5359-pvf2-pw78
references
0
reference_url https://github.com/advisories/GHSA-5359-pvf2-pw78
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-5359-pvf2-pw78
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v
4
reference_url https://www.silverstripe.org/download/security-releases/ss-2024-001
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2024-001
5
reference_url https://github.com/advisories/GHSA-52cw-pvq9-9m5v
reference_id GHSA-52cw-pvq9-9m5v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-52cw-pvq9-9m5v
fixed_packages
0
url pkg:composer/silverstripe/framework@5.2.16
purl pkg:composer/silverstripe/framework@5.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6epx-c68d-d7bv
1
vulnerability VCID-a3yc-fxa1-gfhy
2
vulnerability VCID-axxx-gpfn-mqc9
3
vulnerability VCID-kvhv-9fj5-7kgk
4
vulnerability VCID-kw9p-5fbc-hudg
5
vulnerability VCID-qjgf-hxng-j3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16
aliases GHSA-52cw-pvq9-9m5v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kak1-btjp-kqgz
29
url VCID-kdyk-rrrr-pufw
vulnerability_id VCID-kdyk-rrrr-pufw
summary 
Information Exposure
Response discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12849
reference_id
reference_type
scores
0
value 0.0023
scoring_system epss
scoring_elements 0.45872
published_at 2026-04-04T12:55:00Z
1
value 0.0023
scoring_system epss
scoring_elements 0.45873
published_at 2026-04-13T12:55:00Z
2
value 0.0023
scoring_system epss
scoring_elements 0.45866
published_at 2026-04-12T12:55:00Z
3
value 0.0023
scoring_system epss
scoring_elements 0.45896
published_at 2026-04-11T12:55:00Z
4
value 0.0023
scoring_system epss
scoring_elements 0.45785
published_at 2026-04-01T12:55:00Z
5
value 0.0023
scoring_system epss
scoring_elements 0.45874
published_at 2026-04-09T12:55:00Z
6
value 0.0023
scoring_system epss
scoring_elements 0.45878
published_at 2026-04-08T12:55:00Z
7
value 0.0023
scoring_system epss
scoring_elements 0.4585
published_at 2026-04-02T12:55:00Z
8
value 0.0023
scoring_system epss
scoring_elements 0.45822
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12849
1
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-005
2
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:3.6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:silverstripe:silverstripe:3.6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:3.6.0:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12849
reference_id CVE-2017-12849
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12849
5
reference_url https://github.com/advisories/GHSA-fwhr-g5r4-xgxf
reference_id GHSA-fwhr-g5r4-xgxf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fwhr-g5r4-xgxf
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.5-beta1
purl pkg:composer/silverstripe/framework@3.5.5-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-71cx-seqr-3fh5
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-cdgj-bdpy-ukak
16
vulnerability VCID-eddc-w9wx-c3gq
17
vulnerability VCID-enkd-4y44-4ueq
18
vulnerability VCID-fpb7-5pwu-tyg5
19
vulnerability VCID-fyxa-vzeq-ubeq
20
vulnerability VCID-g3kz-796v-4qf1
21
vulnerability VCID-j9tk-b3hv-q3c1
22
vulnerability VCID-kak1-btjp-kqgz
23
vulnerability VCID-kh99-kpkt-pqdq
24
vulnerability VCID-kvhv-9fj5-7kgk
25
vulnerability VCID-kw9p-5fbc-hudg
26
vulnerability VCID-kxa8-dmva-ayff
27
vulnerability VCID-p2kq-rkh6-ayeu
28
vulnerability VCID-pq29-qe7h-tkcp
29
vulnerability VCID-qm38-1cwk-b3hq
30
vulnerability VCID-tc2y-zrea-vyb2
31
vulnerability VCID-tm1s-2m92-uyh9
32
vulnerability VCID-u49v-31sv-eqc3
33
vulnerability VCID-v116-gayp-mbfu
34
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1
1
url pkg:composer/silverstripe/framework@3.5.5
purl pkg:composer/silverstripe/framework@3.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-71cx-seqr-3fh5
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-cdgj-bdpy-ukak
16
vulnerability VCID-eddc-w9wx-c3gq
17
vulnerability VCID-enkd-4y44-4ueq
18
vulnerability VCID-fpb7-5pwu-tyg5
19
vulnerability VCID-fyxa-vzeq-ubeq
20
vulnerability VCID-g3kz-796v-4qf1
21
vulnerability VCID-kak1-btjp-kqgz
22
vulnerability VCID-kh99-kpkt-pqdq
23
vulnerability VCID-kvhv-9fj5-7kgk
24
vulnerability VCID-kw9p-5fbc-hudg
25
vulnerability VCID-kxa8-dmva-ayff
26
vulnerability VCID-p2kq-rkh6-ayeu
27
vulnerability VCID-pffp-vtk7-pqby
28
vulnerability VCID-pq29-qe7h-tkcp
29
vulnerability VCID-qm38-1cwk-b3hq
30
vulnerability VCID-tc2y-zrea-vyb2
31
vulnerability VCID-tm1s-2m92-uyh9
32
vulnerability VCID-u49v-31sv-eqc3
33
vulnerability VCID-v116-gayp-mbfu
34
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5
2
url pkg:composer/silverstripe/framework@3.6.1-alpha2
purl pkg:composer/silverstripe/framework@3.6.1-alpha2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-71cx-seqr-3fh5
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-cdgj-bdpy-ukak
16
vulnerability VCID-eddc-w9wx-c3gq
17
vulnerability VCID-enkd-4y44-4ueq
18
vulnerability VCID-ff5q-59gf-nugg
19
vulnerability VCID-fpb7-5pwu-tyg5
20
vulnerability VCID-fyxa-vzeq-ubeq
21
vulnerability VCID-g3kz-796v-4qf1
22
vulnerability VCID-j9tk-b3hv-q3c1
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kh99-kpkt-pqdq
25
vulnerability VCID-kvhv-9fj5-7kgk
26
vulnerability VCID-kw9p-5fbc-hudg
27
vulnerability VCID-kxa8-dmva-ayff
28
vulnerability VCID-p2kq-rkh6-ayeu
29
vulnerability VCID-pffp-vtk7-pqby
30
vulnerability VCID-pq29-qe7h-tkcp
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-tm1s-2m92-uyh9
34
vulnerability VCID-u49v-31sv-eqc3
35
vulnerability VCID-v116-gayp-mbfu
36
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2
3
url pkg:composer/silverstripe/framework@3.6.1
purl pkg:composer/silverstripe/framework@3.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-71cx-seqr-3fh5
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-cdgj-bdpy-ukak
16
vulnerability VCID-eddc-w9wx-c3gq
17
vulnerability VCID-enkd-4y44-4ueq
18
vulnerability VCID-ff5q-59gf-nugg
19
vulnerability VCID-fpb7-5pwu-tyg5
20
vulnerability VCID-fyxa-vzeq-ubeq
21
vulnerability VCID-g3kz-796v-4qf1
22
vulnerability VCID-j9tk-b3hv-q3c1
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kh99-kpkt-pqdq
25
vulnerability VCID-kvhv-9fj5-7kgk
26
vulnerability VCID-kw9p-5fbc-hudg
27
vulnerability VCID-kxa8-dmva-ayff
28
vulnerability VCID-p2kq-rkh6-ayeu
29
vulnerability VCID-pffp-vtk7-pqby
30
vulnerability VCID-pq29-qe7h-tkcp
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-tm1s-2m92-uyh9
34
vulnerability VCID-u49v-31sv-eqc3
35
vulnerability VCID-v116-gayp-mbfu
36
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1
aliases CVE-2017-12849, GHSA-fwhr-g5r4-xgxf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kdyk-rrrr-pufw
30
url VCID-kh99-kpkt-pqdq
vulnerability_id VCID-kh99-kpkt-pqdq
summary 
silverstripe/framework's User-Agent header not correctly invalidating user session
A security protection device in Session designed to protect session hijacking was not correctly functioning. This function intended to protect user sessions by detecting changes in the User-Agent header, but modifications to this header were not correctly invalidating the user session.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-006-1.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-006-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/44de03da0147e6094b02602b7b73d5b1a1306d78
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/44de03da0147e6094b02602b7b73d5b1a1306d78
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/d47667bb0768841e4b305fa95d5a4e2ba232c4ad
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/d47667bb0768841e4b305fa95d5a4e2ba232c4ad
4
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-006
5
reference_url https://github.com/advisories/GHSA-4qx8-j9vh-2628
reference_id GHSA-4qx8-j9vh-2628
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4qx8-j9vh-2628
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.6
purl pkg:composer/silverstripe/framework@3.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-eddc-w9wx-c3gq
15
vulnerability VCID-enkd-4y44-4ueq
16
vulnerability VCID-fpb7-5pwu-tyg5
17
vulnerability VCID-fyxa-vzeq-ubeq
18
vulnerability VCID-kak1-btjp-kqgz
19
vulnerability VCID-kvhv-9fj5-7kgk
20
vulnerability VCID-kw9p-5fbc-hudg
21
vulnerability VCID-kxa8-dmva-ayff
22
vulnerability VCID-p2kq-rkh6-ayeu
23
vulnerability VCID-pffp-vtk7-pqby
24
vulnerability VCID-pq29-qe7h-tkcp
25
vulnerability VCID-qm38-1cwk-b3hq
26
vulnerability VCID-tc2y-zrea-vyb2
27
vulnerability VCID-tm1s-2m92-uyh9
28
vulnerability VCID-u49v-31sv-eqc3
29
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6
1
url pkg:composer/silverstripe/framework@3.6.3
purl pkg:composer/silverstripe/framework@3.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-eddc-w9wx-c3gq
15
vulnerability VCID-enkd-4y44-4ueq
16
vulnerability VCID-ff5q-59gf-nugg
17
vulnerability VCID-fpb7-5pwu-tyg5
18
vulnerability VCID-fyxa-vzeq-ubeq
19
vulnerability VCID-kak1-btjp-kqgz
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-p2kq-rkh6-ayeu
24
vulnerability VCID-pffp-vtk7-pqby
25
vulnerability VCID-pq29-qe7h-tkcp
26
vulnerability VCID-qm38-1cwk-b3hq
27
vulnerability VCID-tc2y-zrea-vyb2
28
vulnerability VCID-tm1s-2m92-uyh9
29
vulnerability VCID-u49v-31sv-eqc3
30
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3
aliases GHSA-4qx8-j9vh-2628
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kh99-kpkt-pqdq
31
url VCID-kvhv-9fj5-7kgk
vulnerability_id VCID-kvhv-9fj5-7kgk
summary 
Silverstripe Framework has a XSS via insert media remote file oembed
### Impact

When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website.

## References

- https://www.silverstripe.org/download/security-releases/cve-2024-47605

## Reported by

James Nicoll from [Fujitsu Cyber Security Services](https://www.fujitsu.com/nz/services/security/)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47605
reference_id
reference_type
scores
0
value 0.0398
scoring_system epss
scoring_elements 0.88367
published_at 2026-04-04T12:55:00Z
1
value 0.0398
scoring_system epss
scoring_elements 0.884
published_at 2026-04-13T12:55:00Z
2
value 0.0398
scoring_system epss
scoring_elements 0.88408
published_at 2026-04-11T12:55:00Z
3
value 0.0398
scoring_system epss
scoring_elements 0.88397
published_at 2026-04-09T12:55:00Z
4
value 0.0398
scoring_system epss
scoring_elements 0.88391
published_at 2026-04-08T12:55:00Z
5
value 0.0398
scoring_system epss
scoring_elements 0.88372
published_at 2026-04-07T12:55:00Z
6
value 0.0398
scoring_system epss
scoring_elements 0.88353
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47605
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml
2
reference_url https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/
url https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82
3
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/
url https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47605
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47605
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2024-47605
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/
url https://www.silverstripe.org/download/security-releases/cve-2024-47605
7
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt
reference_id CVE-2024-47605
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt
8
reference_url https://github.com/advisories/GHSA-7cmp-cgg8-4c82
reference_id GHSA-7cmp-cgg8-4c82
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cmp-cgg8-4c82
fixed_packages
0
url pkg:composer/silverstripe/framework@5.3.8
purl pkg:composer/silverstripe/framework@5.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3yc-fxa1-gfhy
1
vulnerability VCID-qjgf-hxng-j3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8
1
url pkg:composer/silverstripe/framework@6.0.0-alpha1
purl pkg:composer/silverstripe/framework@6.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1
aliases CVE-2024-47605, GHSA-7cmp-cgg8-4c82
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kvhv-9fj5-7kgk
32
url VCID-kw9p-5fbc-hudg
vulnerability_id VCID-kw9p-5fbc-hudg
summary 
Reflected Cross Site Scripting (XSS) in error message
If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://www.silverstripe.org/download/security-releases/ss-2024-002
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2024-002
3
reference_url https://github.com/advisories/GHSA-74j9-xhqr-6qv3
reference_id GHSA-74j9-xhqr-6qv3
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-74j9-xhqr-6qv3
fixed_packages
0
url pkg:composer/silverstripe/framework@5.3.8
purl pkg:composer/silverstripe/framework@5.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3yc-fxa1-gfhy
1
vulnerability VCID-qjgf-hxng-j3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8
aliases GHSA-74j9-xhqr-6qv3
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kw9p-5fbc-hudg
33
url VCID-kxa8-dmva-ayff
vulnerability_id VCID-kxa8-dmva-ayff
summary 
Quadratic blowup in Convert::xml2array()
Silverstripe silverstripe/framework 4.x until 4.10.9 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41559
reference_id
reference_type
scores
0
value 0.00348
scoring_system epss
scoring_elements 0.57282
published_at 2026-04-01T12:55:00Z
1
value 0.00348
scoring_system epss
scoring_elements 0.57393
published_at 2026-04-13T12:55:00Z
2
value 0.00348
scoring_system epss
scoring_elements 0.57411
published_at 2026-04-12T12:55:00Z
3
value 0.00348
scoring_system epss
scoring_elements 0.57432
published_at 2026-04-11T12:55:00Z
4
value 0.00348
scoring_system epss
scoring_elements 0.57417
published_at 2026-04-09T12:55:00Z
5
value 0.00348
scoring_system epss
scoring_elements 0.57414
published_at 2026-04-08T12:55:00Z
6
value 0.00348
scoring_system epss
scoring_elements 0.57363
published_at 2026-04-07T12:55:00Z
7
value 0.00348
scoring_system epss
scoring_elements 0.57387
published_at 2026-04-04T12:55:00Z
8
value 0.00348
scoring_system epss
scoring_elements 0.57364
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41559
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework/releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/releases
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41559
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41559
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2021-41559
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2021-41559
7
reference_url https://github.com/advisories/GHSA-9fmg-89fx-r33w
reference_id GHSA-9fmg-89fx-r33w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9fmg-89fx-r33w
fixed_packages
0
url pkg:composer/silverstripe/framework@4.10.9
purl pkg:composer/silverstripe/framework@4.10.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-4x32-t75c-u3bj
2
vulnerability VCID-5pkg-j4wg-7fcn
3
vulnerability VCID-6epx-c68d-d7bv
4
vulnerability VCID-86yd-4mkt-hydr
5
vulnerability VCID-a3yc-fxa1-gfhy
6
vulnerability VCID-axxx-gpfn-mqc9
7
vulnerability VCID-cfgg-fgjt-z3hn
8
vulnerability VCID-d5q3-jrdb-euav
9
vulnerability VCID-ftdr-uzuh-8ybc
10
vulnerability VCID-kak1-btjp-kqgz
11
vulnerability VCID-kgm4-g26x-gken
12
vulnerability VCID-kvhv-9fj5-7kgk
13
vulnerability VCID-kw9p-5fbc-hudg
14
vulnerability VCID-qjgf-hxng-j3g9
15
vulnerability VCID-qm38-1cwk-b3hq
16
vulnerability VCID-ua49-snhx-dqa4
17
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.9
1
url pkg:composer/silverstripe/framework@4.11.0-beta1
purl pkg:composer/silverstripe/framework@4.11.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9c-aun4-wfep
1
vulnerability VCID-4x32-t75c-u3bj
2
vulnerability VCID-5pkg-j4wg-7fcn
3
vulnerability VCID-6epx-c68d-d7bv
4
vulnerability VCID-86yd-4mkt-hydr
5
vulnerability VCID-a3yc-fxa1-gfhy
6
vulnerability VCID-axxx-gpfn-mqc9
7
vulnerability VCID-d5q3-jrdb-euav
8
vulnerability VCID-ftdr-uzuh-8ybc
9
vulnerability VCID-kak1-btjp-kqgz
10
vulnerability VCID-kgm4-g26x-gken
11
vulnerability VCID-kvhv-9fj5-7kgk
12
vulnerability VCID-kw9p-5fbc-hudg
13
vulnerability VCID-qjgf-hxng-j3g9
14
vulnerability VCID-qm38-1cwk-b3hq
15
vulnerability VCID-ua49-snhx-dqa4
16
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.0-beta1
aliases CVE-2021-41559, GHSA-9fmg-89fx-r33w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kxa8-dmva-ayff
34
url VCID-p2kq-rkh6-ayeu
vulnerability_id VCID-p2kq-rkh6-ayeu
summary SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-5715
reference_id
reference_type
scores
0
value 0.00322
scoring_system epss
scoring_elements 0.55286
published_at 2026-04-13T12:55:00Z
1
value 0.00322
scoring_system epss
scoring_elements 0.5516
published_at 2026-04-01T12:55:00Z
2
value 0.00322
scoring_system epss
scoring_elements 0.5526
published_at 2026-04-02T12:55:00Z
3
value 0.00322
scoring_system epss
scoring_elements 0.55283
published_at 2026-04-04T12:55:00Z
4
value 0.00322
scoring_system epss
scoring_elements 0.55264
published_at 2026-04-07T12:55:00Z
5
value 0.00322
scoring_system epss
scoring_elements 0.55315
published_at 2026-04-08T12:55:00Z
6
value 0.00322
scoring_system epss
scoring_elements 0.55316
published_at 2026-04-09T12:55:00Z
7
value 0.00322
scoring_system epss
scoring_elements 0.55327
published_at 2026-04-11T12:55:00Z
8
value 0.00322
scoring_system epss
scoring_elements 0.55305
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-5715
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/issues/8814
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/issues/8814
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-5715
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-5715
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://www.silverstripe.org/download/security-releases/ss-2018-021
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2018-021
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:4.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:silverstripe:silverstripe:4.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:4.3.0:*:*:*:*:*:*:*
10
reference_url https://github.com/advisories/GHSA-wvfw-w3x6-g526
reference_id GHSA-wvfw-w3x6-g526
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wvfw-w3x6-g526
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.7
purl pkg:composer/silverstripe/framework@3.6.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-eddc-w9wx-c3gq
15
vulnerability VCID-enkd-4y44-4ueq
16
vulnerability VCID-fpb7-5pwu-tyg5
17
vulnerability VCID-fyxa-vzeq-ubeq
18
vulnerability VCID-kak1-btjp-kqgz
19
vulnerability VCID-kvhv-9fj5-7kgk
20
vulnerability VCID-kw9p-5fbc-hudg
21
vulnerability VCID-kxa8-dmva-ayff
22
vulnerability VCID-pffp-vtk7-pqby
23
vulnerability VCID-pq29-qe7h-tkcp
24
vulnerability VCID-qm38-1cwk-b3hq
25
vulnerability VCID-tc2y-zrea-vyb2
26
vulnerability VCID-tm1s-2m92-uyh9
27
vulnerability VCID-u49v-31sv-eqc3
28
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7
1
url pkg:composer/silverstripe/framework@3.7.3
purl pkg:composer/silverstripe/framework@3.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-eddc-w9wx-c3gq
15
vulnerability VCID-enkd-4y44-4ueq
16
vulnerability VCID-fpb7-5pwu-tyg5
17
vulnerability VCID-fyxa-vzeq-ubeq
18
vulnerability VCID-kak1-btjp-kqgz
19
vulnerability VCID-kvhv-9fj5-7kgk
20
vulnerability VCID-kw9p-5fbc-hudg
21
vulnerability VCID-kxa8-dmva-ayff
22
vulnerability VCID-pq29-qe7h-tkcp
23
vulnerability VCID-qm38-1cwk-b3hq
24
vulnerability VCID-tc2y-zrea-vyb2
25
vulnerability VCID-tm1s-2m92-uyh9
26
vulnerability VCID-u49v-31sv-eqc3
27
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3
2
url pkg:composer/silverstripe/framework@4.0.7
purl pkg:composer/silverstripe/framework@4.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6du5-hdvd-fueb
5
vulnerability VCID-6epx-c68d-d7bv
6
vulnerability VCID-7dk3-gcup-2kc9
7
vulnerability VCID-86yd-4mkt-hydr
8
vulnerability VCID-a3yc-fxa1-gfhy
9
vulnerability VCID-ajga-3b99-yugh
10
vulnerability VCID-axxx-gpfn-mqc9
11
vulnerability VCID-bdcq-z11u-zyh5
12
vulnerability VCID-cdgj-bdpy-ukak
13
vulnerability VCID-cfgg-fgjt-z3hn
14
vulnerability VCID-d5q3-jrdb-euav
15
vulnerability VCID-dc9y-v257-6bhf
16
vulnerability VCID-enkd-4y44-4ueq
17
vulnerability VCID-fpb7-5pwu-tyg5
18
vulnerability VCID-ftdr-uzuh-8ybc
19
vulnerability VCID-fyxa-vzeq-ubeq
20
vulnerability VCID-gme6-wj87-ekfw
21
vulnerability VCID-kak1-btjp-kqgz
22
vulnerability VCID-kd3t-2gzd-q3hq
23
vulnerability VCID-kgm4-g26x-gken
24
vulnerability VCID-kvhv-9fj5-7kgk
25
vulnerability VCID-kw9p-5fbc-hudg
26
vulnerability VCID-kxa8-dmva-ayff
27
vulnerability VCID-m8w1-g9h9-vuce
28
vulnerability VCID-pq29-qe7h-tkcp
29
vulnerability VCID-qjgf-hxng-j3g9
30
vulnerability VCID-qm38-1cwk-b3hq
31
vulnerability VCID-tc2y-zrea-vyb2
32
vulnerability VCID-u49v-31sv-eqc3
33
vulnerability VCID-ua49-snhx-dqa4
34
vulnerability VCID-w4fh-cpaq-nqat
35
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7
3
url pkg:composer/silverstripe/framework@4.1.5
purl pkg:composer/silverstripe/framework@4.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-658d-vmwt-f7e8
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-cfgg-fgjt-z3hn
15
vulnerability VCID-d5q3-jrdb-euav
16
vulnerability VCID-dc9y-v257-6bhf
17
vulnerability VCID-enkd-4y44-4ueq
18
vulnerability VCID-fpb7-5pwu-tyg5
19
vulnerability VCID-ftdr-uzuh-8ybc
20
vulnerability VCID-fyxa-vzeq-ubeq
21
vulnerability VCID-gme6-wj87-ekfw
22
vulnerability VCID-kak1-btjp-kqgz
23
vulnerability VCID-kd3t-2gzd-q3hq
24
vulnerability VCID-kgm4-g26x-gken
25
vulnerability VCID-kvhv-9fj5-7kgk
26
vulnerability VCID-kw9p-5fbc-hudg
27
vulnerability VCID-kxa8-dmva-ayff
28
vulnerability VCID-m8w1-g9h9-vuce
29
vulnerability VCID-pq29-qe7h-tkcp
30
vulnerability VCID-qjgf-hxng-j3g9
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-u49v-31sv-eqc3
34
vulnerability VCID-ua49-snhx-dqa4
35
vulnerability VCID-w4fh-cpaq-nqat
36
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5
4
url pkg:composer/silverstripe/framework@4.2.4
purl pkg:composer/silverstripe/framework@4.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-658d-vmwt-f7e8
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-cfgg-fgjt-z3hn
15
vulnerability VCID-d5q3-jrdb-euav
16
vulnerability VCID-dc9y-v257-6bhf
17
vulnerability VCID-enkd-4y44-4ueq
18
vulnerability VCID-fpb7-5pwu-tyg5
19
vulnerability VCID-ftdr-uzuh-8ybc
20
vulnerability VCID-fyxa-vzeq-ubeq
21
vulnerability VCID-gme6-wj87-ekfw
22
vulnerability VCID-kak1-btjp-kqgz
23
vulnerability VCID-kd3t-2gzd-q3hq
24
vulnerability VCID-kgm4-g26x-gken
25
vulnerability VCID-kvhv-9fj5-7kgk
26
vulnerability VCID-kw9p-5fbc-hudg
27
vulnerability VCID-kxa8-dmva-ayff
28
vulnerability VCID-m8w1-g9h9-vuce
29
vulnerability VCID-pq29-qe7h-tkcp
30
vulnerability VCID-qjgf-hxng-j3g9
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-u49v-31sv-eqc3
34
vulnerability VCID-ua49-snhx-dqa4
35
vulnerability VCID-w4fh-cpaq-nqat
36
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4
5
url pkg:composer/silverstripe/framework@4.3.1
purl pkg:composer/silverstripe/framework@4.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-658d-vmwt-f7e8
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-cfgg-fgjt-z3hn
15
vulnerability VCID-d5q3-jrdb-euav
16
vulnerability VCID-dc9y-v257-6bhf
17
vulnerability VCID-enkd-4y44-4ueq
18
vulnerability VCID-fpb7-5pwu-tyg5
19
vulnerability VCID-ftdr-uzuh-8ybc
20
vulnerability VCID-fyxa-vzeq-ubeq
21
vulnerability VCID-gme6-wj87-ekfw
22
vulnerability VCID-kak1-btjp-kqgz
23
vulnerability VCID-kd3t-2gzd-q3hq
24
vulnerability VCID-kgm4-g26x-gken
25
vulnerability VCID-kvhv-9fj5-7kgk
26
vulnerability VCID-kw9p-5fbc-hudg
27
vulnerability VCID-kxa8-dmva-ayff
28
vulnerability VCID-m8w1-g9h9-vuce
29
vulnerability VCID-pq29-qe7h-tkcp
30
vulnerability VCID-qjgf-hxng-j3g9
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-u49v-31sv-eqc3
34
vulnerability VCID-ua49-snhx-dqa4
35
vulnerability VCID-w4fh-cpaq-nqat
36
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1
aliases CVE-2019-5715, GHSA-wvfw-w3x6-g526
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p2kq-rkh6-ayeu
35
url VCID-pq29-qe7h-tkcp
vulnerability_id VCID-pq29-qe7h-tkcp
summary 
Silverstripe Flash Clipboard Reflected XSS
SilverStripe versions 3.0.0 until 4.3.5 and 4.4.4 are vulnerable to Flash Clipboard Reflected XSS. Versions 4.3.5 and 4.4.4 of `silverstripe/framework` and version 1.3.5 of `silverstripe/admin` contain a fix for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12205
reference_id
reference_type
scores
0
value 0.00378
scoring_system epss
scoring_elements 0.59302
published_at 2026-04-02T12:55:00Z
1
value 0.00378
scoring_system epss
scoring_elements 0.59338
published_at 2026-04-13T12:55:00Z
2
value 0.00378
scoring_system epss
scoring_elements 0.59228
published_at 2026-04-01T12:55:00Z
3
value 0.00378
scoring_system epss
scoring_elements 0.59356
published_at 2026-04-12T12:55:00Z
4
value 0.00378
scoring_system epss
scoring_elements 0.59373
published_at 2026-04-11T12:55:00Z
5
value 0.00378
scoring_system epss
scoring_elements 0.59353
published_at 2026-04-09T12:55:00Z
6
value 0.00378
scoring_system epss
scoring_elements 0.59341
published_at 2026-04-08T12:55:00Z
7
value 0.00378
scoring_system epss
scoring_elements 0.5929
published_at 2026-04-07T12:55:00Z
8
value 0.00378
scoring_system epss
scoring_elements 0.59325
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12205
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml
3
reference_url https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12205
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12205
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12205
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12205
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12205
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12205
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
10
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12205/
reference_id CVE-2019-12205
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-12205/
11
reference_url https://github.com/advisories/GHSA-rfvw-5848-gxc5
reference_id GHSA-rfvw-5848-gxc5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rfvw-5848-gxc5
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-dc9y-v257-6bhf
13
vulnerability VCID-enkd-4y44-4ueq
14
vulnerability VCID-ftdr-uzuh-8ybc
15
vulnerability VCID-fyxa-vzeq-ubeq
16
vulnerability VCID-gme6-wj87-ekfw
17
vulnerability VCID-kak1-btjp-kqgz
18
vulnerability VCID-kd3t-2gzd-q3hq
19
vulnerability VCID-kgm4-g26x-gken
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-m8w1-g9h9-vuce
24
vulnerability VCID-qjgf-hxng-j3g9
25
vulnerability VCID-qm38-1cwk-b3hq
26
vulnerability VCID-tc2y-zrea-vyb2
27
vulnerability VCID-ua49-snhx-dqa4
28
vulnerability VCID-w4fh-cpaq-nqat
29
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-dc9y-v257-6bhf
13
vulnerability VCID-enkd-4y44-4ueq
14
vulnerability VCID-ftdr-uzuh-8ybc
15
vulnerability VCID-fyxa-vzeq-ubeq
16
vulnerability VCID-gme6-wj87-ekfw
17
vulnerability VCID-kak1-btjp-kqgz
18
vulnerability VCID-kd3t-2gzd-q3hq
19
vulnerability VCID-kgm4-g26x-gken
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-qjgf-hxng-j3g9
24
vulnerability VCID-qm38-1cwk-b3hq
25
vulnerability VCID-tc2y-zrea-vyb2
26
vulnerability VCID-ua49-snhx-dqa4
27
vulnerability VCID-w4fh-cpaq-nqat
28
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
2
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-dc9y-v257-6bhf
13
vulnerability VCID-enkd-4y44-4ueq
14
vulnerability VCID-ftdr-uzuh-8ybc
15
vulnerability VCID-fyxa-vzeq-ubeq
16
vulnerability VCID-gme6-wj87-ekfw
17
vulnerability VCID-kak1-btjp-kqgz
18
vulnerability VCID-kd3t-2gzd-q3hq
19
vulnerability VCID-kgm4-g26x-gken
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-qjgf-hxng-j3g9
24
vulnerability VCID-qm38-1cwk-b3hq
25
vulnerability VCID-tc2y-zrea-vyb2
26
vulnerability VCID-ua49-snhx-dqa4
27
vulnerability VCID-w4fh-cpaq-nqat
28
vulnerability VCID-xw77-b18v-8kc4
29
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12205, GHSA-rfvw-5848-gxc5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pq29-qe7h-tkcp
36
url VCID-qm38-1cwk-b3hq
vulnerability_id VCID-qm38-1cwk-b3hq
summary 
URL Redirection to Untrusted Site ('Open Redirect')
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22729
reference_id
reference_type
scores
0
value 0.00262
scoring_system epss
scoring_elements 0.49576
published_at 2026-04-02T12:55:00Z
1
value 0.00262
scoring_system epss
scoring_elements 0.49621
published_at 2026-04-11T12:55:00Z
2
value 0.00262
scoring_system epss
scoring_elements 0.49609
published_at 2026-04-08T12:55:00Z
3
value 0.00262
scoring_system epss
scoring_elements 0.49554
published_at 2026-04-07T12:55:00Z
4
value 0.00262
scoring_system epss
scoring_elements 0.49603
published_at 2026-04-09T12:55:00Z
5
value 0.00262
scoring_system epss
scoring_elements 0.49593
published_at 2026-04-13T12:55:00Z
6
value 0.00262
scoring_system epss
scoring_elements 0.49592
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22729
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/
url https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77
4
reference_url https://www.silverstripe.org/download/security-releases/cve-2023-22729
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2023-22729
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22729
reference_id CVE-2023-22729
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22729
6
reference_url https://github.com/advisories/GHSA-fw84-xgm8-9jmv
reference_id GHSA-fw84-xgm8-9jmv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fw84-xgm8-9jmv
7
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv
reference_id GHSA-fw84-xgm8-9jmv
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv
fixed_packages
0
url pkg:composer/silverstripe/framework@4.12.5
purl pkg:composer/silverstripe/framework@4.12.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5pkg-j4wg-7fcn
1
vulnerability VCID-6epx-c68d-d7bv
2
vulnerability VCID-86yd-4mkt-hydr
3
vulnerability VCID-a3yc-fxa1-gfhy
4
vulnerability VCID-axxx-gpfn-mqc9
5
vulnerability VCID-kak1-btjp-kqgz
6
vulnerability VCID-kvhv-9fj5-7kgk
7
vulnerability VCID-kw9p-5fbc-hudg
8
vulnerability VCID-qjgf-hxng-j3g9
9
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5
aliases CVE-2023-22729, GHSA-fw84-xgm8-9jmv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qm38-1cwk-b3hq
37
url VCID-tc2y-zrea-vyb2
vulnerability_id VCID-tc2y-zrea-vyb2
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
SilverStripe Framework suffers from a XSS vulnerablity.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36150
reference_id
reference_type
scores
0
value 0.00372
scoring_system epss
scoring_elements 0.5896
published_at 2026-04-13T12:55:00Z
1
value 0.00372
scoring_system epss
scoring_elements 0.58857
published_at 2026-04-01T12:55:00Z
2
value 0.00372
scoring_system epss
scoring_elements 0.58932
published_at 2026-04-02T12:55:00Z
3
value 0.00372
scoring_system epss
scoring_elements 0.58954
published_at 2026-04-04T12:55:00Z
4
value 0.00372
scoring_system epss
scoring_elements 0.5892
published_at 2026-04-07T12:55:00Z
5
value 0.00372
scoring_system epss
scoring_elements 0.58972
published_at 2026-04-08T12:55:00Z
6
value 0.00372
scoring_system epss
scoring_elements 0.58978
published_at 2026-04-09T12:55:00Z
7
value 0.00372
scoring_system epss
scoring_elements 0.58997
published_at 2026-04-11T12:55:00Z
8
value 0.00372
scoring_system epss
scoring_elements 0.58979
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36150
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/releases
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-36150
reference_id CVE-2021-36150
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-36150
5
reference_url https://www.silverstripe.org/download/security-releases/CVE-2021-36150
reference_id CVE-2021-36150
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2021-36150
6
reference_url https://github.com/advisories/GHSA-j66h-cc96-c32q
reference_id GHSA-j66h-cc96-c32q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j66h-cc96-c32q
fixed_packages
0
url pkg:composer/silverstripe/framework@4.9.0-alpha1
purl pkg:composer/silverstripe/framework@4.9.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-86yd-4mkt-hydr
6
vulnerability VCID-a3yc-fxa1-gfhy
7
vulnerability VCID-axxx-gpfn-mqc9
8
vulnerability VCID-cfgg-fgjt-z3hn
9
vulnerability VCID-d5q3-jrdb-euav
10
vulnerability VCID-ftdr-uzuh-8ybc
11
vulnerability VCID-kak1-btjp-kqgz
12
vulnerability VCID-kd3t-2gzd-q3hq
13
vulnerability VCID-kgm4-g26x-gken
14
vulnerability VCID-kvhv-9fj5-7kgk
15
vulnerability VCID-kw9p-5fbc-hudg
16
vulnerability VCID-kxa8-dmva-ayff
17
vulnerability VCID-qjgf-hxng-j3g9
18
vulnerability VCID-qm38-1cwk-b3hq
19
vulnerability VCID-ua49-snhx-dqa4
20
vulnerability VCID-w4fh-cpaq-nqat
21
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0-alpha1
1
url pkg:composer/silverstripe/framework@4.9.0
purl pkg:composer/silverstripe/framework@4.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-86yd-4mkt-hydr
6
vulnerability VCID-a3yc-fxa1-gfhy
7
vulnerability VCID-axxx-gpfn-mqc9
8
vulnerability VCID-cfgg-fgjt-z3hn
9
vulnerability VCID-d5q3-jrdb-euav
10
vulnerability VCID-ftdr-uzuh-8ybc
11
vulnerability VCID-kak1-btjp-kqgz
12
vulnerability VCID-kd3t-2gzd-q3hq
13
vulnerability VCID-kgm4-g26x-gken
14
vulnerability VCID-kvhv-9fj5-7kgk
15
vulnerability VCID-kw9p-5fbc-hudg
16
vulnerability VCID-kxa8-dmva-ayff
17
vulnerability VCID-qjgf-hxng-j3g9
18
vulnerability VCID-qm38-1cwk-b3hq
19
vulnerability VCID-ua49-snhx-dqa4
20
vulnerability VCID-w4fh-cpaq-nqat
21
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0
aliases CVE-2021-36150, GHSA-j66h-cc96-c32q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tc2y-zrea-vyb2
38
url VCID-tm1s-2m92-uyh9
vulnerability_id VCID-tm1s-2m92-uyh9
summary 
SilverStripe asset-admin Cross-site Scripting (XSS)
In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14272
reference_id
reference_type
scores
0
value 0.00347
scoring_system epss
scoring_elements 0.57275
published_at 2026-04-02T12:55:00Z
1
value 0.00347
scoring_system epss
scoring_elements 0.57342
published_at 2026-04-11T12:55:00Z
2
value 0.00347
scoring_system epss
scoring_elements 0.57327
published_at 2026-04-09T12:55:00Z
3
value 0.00347
scoring_system epss
scoring_elements 0.57325
published_at 2026-04-08T12:55:00Z
4
value 0.00347
scoring_system epss
scoring_elements 0.57274
published_at 2026-04-07T12:55:00Z
5
value 0.00347
scoring_system epss
scoring_elements 0.57194
published_at 2026-04-01T12:55:00Z
6
value 0.00347
scoring_system epss
scoring_elements 0.57298
published_at 2026-04-04T12:55:00Z
7
value 0.00347
scoring_system epss
scoring_elements 0.57301
published_at 2026-04-13T12:55:00Z
8
value 0.00347
scoring_system epss
scoring_elements 0.57322
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14272
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml
3
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14272
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:N/I:P/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14272
5
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-14272
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-14272
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
9
reference_url https://github.com/advisories/GHSA-jgw2-f5mx-rg7h
reference_id GHSA-jgw2-f5mx-rg7h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jgw2-f5mx-rg7h
fixed_packages
0
url pkg:composer/silverstripe/framework@4.0.1-rc1
purl pkg:composer/silverstripe/framework@4.0.1-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nes-cr3m-j3dv
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-6xwk-ee7f-5ubd
8
vulnerability VCID-71cx-seqr-3fh5
9
vulnerability VCID-7dk3-gcup-2kc9
10
vulnerability VCID-86yd-4mkt-hydr
11
vulnerability VCID-a3yc-fxa1-gfhy
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c75p-3hdz-q3b6
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-cfgg-fgjt-z3hn
18
vulnerability VCID-d5q3-jrdb-euav
19
vulnerability VCID-dc9y-v257-6bhf
20
vulnerability VCID-enkd-4y44-4ueq
21
vulnerability VCID-ff5q-59gf-nugg
22
vulnerability VCID-fpb7-5pwu-tyg5
23
vulnerability VCID-ftdr-uzuh-8ybc
24
vulnerability VCID-fyxa-vzeq-ubeq
25
vulnerability VCID-g3kz-796v-4qf1
26
vulnerability VCID-gme6-wj87-ekfw
27
vulnerability VCID-jx5m-bqc6-h3bv
28
vulnerability VCID-kak1-btjp-kqgz
29
vulnerability VCID-kd3t-2gzd-q3hq
30
vulnerability VCID-kgm4-g26x-gken
31
vulnerability VCID-kvhv-9fj5-7kgk
32
vulnerability VCID-kw9p-5fbc-hudg
33
vulnerability VCID-kxa8-dmva-ayff
34
vulnerability VCID-kxyq-vg6e-6uac
35
vulnerability VCID-m8w1-g9h9-vuce
36
vulnerability VCID-p2kq-rkh6-ayeu
37
vulnerability VCID-p554-wkxw-gfdh
38
vulnerability VCID-pq29-qe7h-tkcp
39
vulnerability VCID-qak9-2t7g-w3fv
40
vulnerability VCID-qjgf-hxng-j3g9
41
vulnerability VCID-qm38-1cwk-b3hq
42
vulnerability VCID-tc2y-zrea-vyb2
43
vulnerability VCID-u49v-31sv-eqc3
44
vulnerability VCID-ua49-snhx-dqa4
45
vulnerability VCID-v116-gayp-mbfu
46
vulnerability VCID-w4fh-cpaq-nqat
47
vulnerability VCID-xnb4-zjws-vuhu
48
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1
1
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nes-cr3m-j3dv
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-c75p-3hdz-q3b6
14
vulnerability VCID-cdgj-bdpy-ukak
15
vulnerability VCID-cfgg-fgjt-z3hn
16
vulnerability VCID-d5q3-jrdb-euav
17
vulnerability VCID-dc9y-v257-6bhf
18
vulnerability VCID-enkd-4y44-4ueq
19
vulnerability VCID-ff5q-59gf-nugg
20
vulnerability VCID-fpb7-5pwu-tyg5
21
vulnerability VCID-ftdr-uzuh-8ybc
22
vulnerability VCID-fyxa-vzeq-ubeq
23
vulnerability VCID-gme6-wj87-ekfw
24
vulnerability VCID-jx5m-bqc6-h3bv
25
vulnerability VCID-kak1-btjp-kqgz
26
vulnerability VCID-kd3t-2gzd-q3hq
27
vulnerability VCID-kgm4-g26x-gken
28
vulnerability VCID-kvhv-9fj5-7kgk
29
vulnerability VCID-kw9p-5fbc-hudg
30
vulnerability VCID-kxa8-dmva-ayff
31
vulnerability VCID-kxyq-vg6e-6uac
32
vulnerability VCID-m8w1-g9h9-vuce
33
vulnerability VCID-p2kq-rkh6-ayeu
34
vulnerability VCID-p554-wkxw-gfdh
35
vulnerability VCID-pq29-qe7h-tkcp
36
vulnerability VCID-qak9-2t7g-w3fv
37
vulnerability VCID-qjgf-hxng-j3g9
38
vulnerability VCID-qm38-1cwk-b3hq
39
vulnerability VCID-tc2y-zrea-vyb2
40
vulnerability VCID-u49v-31sv-eqc3
41
vulnerability VCID-ua49-snhx-dqa4
42
vulnerability VCID-w4fh-cpaq-nqat
43
vulnerability VCID-xnb4-zjws-vuhu
44
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
2
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-dc9y-v257-6bhf
13
vulnerability VCID-enkd-4y44-4ueq
14
vulnerability VCID-ftdr-uzuh-8ybc
15
vulnerability VCID-fyxa-vzeq-ubeq
16
vulnerability VCID-gme6-wj87-ekfw
17
vulnerability VCID-kak1-btjp-kqgz
18
vulnerability VCID-kd3t-2gzd-q3hq
19
vulnerability VCID-kgm4-g26x-gken
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-qjgf-hxng-j3g9
24
vulnerability VCID-qm38-1cwk-b3hq
25
vulnerability VCID-tc2y-zrea-vyb2
26
vulnerability VCID-ua49-snhx-dqa4
27
vulnerability VCID-w4fh-cpaq-nqat
28
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
3
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-dc9y-v257-6bhf
13
vulnerability VCID-enkd-4y44-4ueq
14
vulnerability VCID-ftdr-uzuh-8ybc
15
vulnerability VCID-fyxa-vzeq-ubeq
16
vulnerability VCID-gme6-wj87-ekfw
17
vulnerability VCID-kak1-btjp-kqgz
18
vulnerability VCID-kd3t-2gzd-q3hq
19
vulnerability VCID-kgm4-g26x-gken
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-qjgf-hxng-j3g9
24
vulnerability VCID-qm38-1cwk-b3hq
25
vulnerability VCID-tc2y-zrea-vyb2
26
vulnerability VCID-ua49-snhx-dqa4
27
vulnerability VCID-w4fh-cpaq-nqat
28
vulnerability VCID-xw77-b18v-8kc4
29
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-14272, GHSA-jgw2-f5mx-rg7h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tm1s-2m92-uyh9
39
url VCID-tzmx-hfk2-7ufr
vulnerability_id VCID-tzmx-hfk2-7ufr
summary 
silverstripe/framework member disclosure in login form
There is a user ID enumeration vulnerability in our brute force error messages.

- Users that don't exist in will never get a locked out message
- Users that do exist, will get a locked out message

This means an attacker can infer or confirm user details that exist in the member table.

This issue has been resolved by ensuring that login attempt logging and lockout process works equivalently for non-existent users as it does for existant users.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-002-1.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-002-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/f71efb5063c57d823dd130b9bfd018f6ef903d49
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/f71efb5063c57d823dd130b9bfd018f6ef903d49
3
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-002
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-002
4
reference_url https://github.com/advisories/GHSA-g84q-cq55-xwgp
reference_id GHSA-g84q-cq55-xwgp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g84q-cq55-xwgp
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.4
purl pkg:composer/silverstripe/framework@3.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-71cx-seqr-3fh5
8
vulnerability VCID-7dk3-gcup-2kc9
9
vulnerability VCID-86yd-4mkt-hydr
10
vulnerability VCID-a3yc-fxa1-gfhy
11
vulnerability VCID-ab5z-bqka-xudb
12
vulnerability VCID-ajga-3b99-yugh
13
vulnerability VCID-axxx-gpfn-mqc9
14
vulnerability VCID-bdcq-z11u-zyh5
15
vulnerability VCID-c3vp-kc9a-vkhn
16
vulnerability VCID-cdgj-bdpy-ukak
17
vulnerability VCID-eddc-w9wx-c3gq
18
vulnerability VCID-enkd-4y44-4ueq
19
vulnerability VCID-fpb7-5pwu-tyg5
20
vulnerability VCID-fyxa-vzeq-ubeq
21
vulnerability VCID-g3kz-796v-4qf1
22
vulnerability VCID-j9tk-b3hv-q3c1
23
vulnerability VCID-kak1-btjp-kqgz
24
vulnerability VCID-kdyk-rrrr-pufw
25
vulnerability VCID-kh99-kpkt-pqdq
26
vulnerability VCID-kvhv-9fj5-7kgk
27
vulnerability VCID-kw9p-5fbc-hudg
28
vulnerability VCID-kxa8-dmva-ayff
29
vulnerability VCID-p2kq-rkh6-ayeu
30
vulnerability VCID-pq29-qe7h-tkcp
31
vulnerability VCID-qm38-1cwk-b3hq
32
vulnerability VCID-tc2y-zrea-vyb2
33
vulnerability VCID-tm1s-2m92-uyh9
34
vulnerability VCID-u49v-31sv-eqc3
35
vulnerability VCID-v116-gayp-mbfu
36
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.4
aliases GHSA-g84q-cq55-xwgp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tzmx-hfk2-7ufr
40
url VCID-u49v-31sv-eqc3
vulnerability_id VCID-u49v-31sv-eqc3
summary 
SilverStripe Denial of Service on flush and development URL tools
SilverStripe before 4.4.0 allows a Denial of Service on flush and development URL tools.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12246
reference_id
reference_type
scores
0
value 0.00156
scoring_system epss
scoring_elements 0.36415
published_at 2026-04-02T12:55:00Z
1
value 0.00156
scoring_system epss
scoring_elements 0.36359
published_at 2026-04-11T12:55:00Z
2
value 0.00156
scoring_system epss
scoring_elements 0.36352
published_at 2026-04-09T12:55:00Z
3
value 0.00156
scoring_system epss
scoring_elements 0.36331
published_at 2026-04-08T12:55:00Z
4
value 0.00156
scoring_system epss
scoring_elements 0.36283
published_at 2026-04-07T12:55:00Z
5
value 0.00156
scoring_system epss
scoring_elements 0.36448
published_at 2026-04-04T12:55:00Z
6
value 0.00156
scoring_system epss
scoring_elements 0.36225
published_at 2026-04-01T12:55:00Z
7
value 0.00156
scoring_system epss
scoring_elements 0.36301
published_at 2026-04-13T12:55:00Z
8
value 0.00156
scoring_system epss
scoring_elements 0.36322
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12246
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml
3
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12246
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12246
6
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
7
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
8
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12246
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12246
9
reference_url https://github.com/advisories/GHSA-5fr8-xhqq-4p3q
reference_id GHSA-5fr8-xhqq-4p3q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5fr8-xhqq-4p3q
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6epx-c68d-d7bv
5
vulnerability VCID-7dk3-gcup-2kc9
6
vulnerability VCID-86yd-4mkt-hydr
7
vulnerability VCID-a3yc-fxa1-gfhy
8
vulnerability VCID-ajga-3b99-yugh
9
vulnerability VCID-axxx-gpfn-mqc9
10
vulnerability VCID-cfgg-fgjt-z3hn
11
vulnerability VCID-d5q3-jrdb-euav
12
vulnerability VCID-dc9y-v257-6bhf
13
vulnerability VCID-enkd-4y44-4ueq
14
vulnerability VCID-ftdr-uzuh-8ybc
15
vulnerability VCID-fyxa-vzeq-ubeq
16
vulnerability VCID-gme6-wj87-ekfw
17
vulnerability VCID-kak1-btjp-kqgz
18
vulnerability VCID-kd3t-2gzd-q3hq
19
vulnerability VCID-kgm4-g26x-gken
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-m8w1-g9h9-vuce
24
vulnerability VCID-qjgf-hxng-j3g9
25
vulnerability VCID-qm38-1cwk-b3hq
26
vulnerability VCID-tc2y-zrea-vyb2
27
vulnerability VCID-ua49-snhx-dqa4
28
vulnerability VCID-w4fh-cpaq-nqat
29
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.4.0
purl pkg:composer/silverstripe/framework@4.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rbk-47h6-d7d8
1
vulnerability VCID-4f9c-aun4-wfep
2
vulnerability VCID-4x32-t75c-u3bj
3
vulnerability VCID-5pkg-j4wg-7fcn
4
vulnerability VCID-6du5-hdvd-fueb
5
vulnerability VCID-6epx-c68d-d7bv
6
vulnerability VCID-7dk3-gcup-2kc9
7
vulnerability VCID-86yd-4mkt-hydr
8
vulnerability VCID-a3yc-fxa1-gfhy
9
vulnerability VCID-ajga-3b99-yugh
10
vulnerability VCID-axxx-gpfn-mqc9
11
vulnerability VCID-bdcq-z11u-zyh5
12
vulnerability VCID-cfgg-fgjt-z3hn
13
vulnerability VCID-d5q3-jrdb-euav
14
vulnerability VCID-dc9y-v257-6bhf
15
vulnerability VCID-eddc-w9wx-c3gq
16
vulnerability VCID-enkd-4y44-4ueq
17
vulnerability VCID-fpb7-5pwu-tyg5
18
vulnerability VCID-ftdr-uzuh-8ybc
19
vulnerability VCID-fyxa-vzeq-ubeq
20
vulnerability VCID-gme6-wj87-ekfw
21
vulnerability VCID-kak1-btjp-kqgz
22
vulnerability VCID-kd3t-2gzd-q3hq
23
vulnerability VCID-kgm4-g26x-gken
24
vulnerability VCID-kvhv-9fj5-7kgk
25
vulnerability VCID-kw9p-5fbc-hudg
26
vulnerability VCID-kxa8-dmva-ayff
27
vulnerability VCID-m8w1-g9h9-vuce
28
vulnerability VCID-qjgf-hxng-j3g9
29
vulnerability VCID-qm38-1cwk-b3hq
30
vulnerability VCID-tc2y-zrea-vyb2
31
vulnerability VCID-tm1s-2m92-uyh9
32
vulnerability VCID-ua49-snhx-dqa4
33
vulnerability VCID-w4fh-cpaq-nqat
34
vulnerability VCID-xw77-b18v-8kc4
35
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0
aliases CVE-2019-12246, GHSA-5fr8-xhqq-4p3q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u49v-31sv-eqc3
41
url VCID-v116-gayp-mbfu
vulnerability_id VCID-v116-gayp-mbfu
summary 
silverstripe/framework SQL injection in full text search
When performing a fulltext search in SilverStripe 4.0.0 the 'start' querystring parameter is never escaped safely. This exposes a possible SQL injection vulnerability.

The issue exists in 3.5 and 3.6 but is less vulnerable, as SearchForm sanitises these variables prior to passing to mysql.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-008-1.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-008-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/099a5a3c2d99ed39bdd8815e1e2790bb9351770b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/099a5a3c2d99ed39bdd8815e1e2790bb9351770b
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/a8465900bdc77199176c953890ce7587045b1ea4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/a8465900bdc77199176c953890ce7587045b1ea4
4
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-008
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-008
5
reference_url https://github.com/advisories/GHSA-xx4r-5265-48j6
reference_id GHSA-xx4r-5265-48j6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xx4r-5265-48j6
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.6
purl pkg:composer/silverstripe/framework@3.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-eddc-w9wx-c3gq
15
vulnerability VCID-enkd-4y44-4ueq
16
vulnerability VCID-fpb7-5pwu-tyg5
17
vulnerability VCID-fyxa-vzeq-ubeq
18
vulnerability VCID-kak1-btjp-kqgz
19
vulnerability VCID-kvhv-9fj5-7kgk
20
vulnerability VCID-kw9p-5fbc-hudg
21
vulnerability VCID-kxa8-dmva-ayff
22
vulnerability VCID-p2kq-rkh6-ayeu
23
vulnerability VCID-pffp-vtk7-pqby
24
vulnerability VCID-pq29-qe7h-tkcp
25
vulnerability VCID-qm38-1cwk-b3hq
26
vulnerability VCID-tc2y-zrea-vyb2
27
vulnerability VCID-tm1s-2m92-uyh9
28
vulnerability VCID-u49v-31sv-eqc3
29
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6
1
url pkg:composer/silverstripe/framework@3.6.3
purl pkg:composer/silverstripe/framework@3.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-cdgj-bdpy-ukak
14
vulnerability VCID-eddc-w9wx-c3gq
15
vulnerability VCID-enkd-4y44-4ueq
16
vulnerability VCID-ff5q-59gf-nugg
17
vulnerability VCID-fpb7-5pwu-tyg5
18
vulnerability VCID-fyxa-vzeq-ubeq
19
vulnerability VCID-kak1-btjp-kqgz
20
vulnerability VCID-kvhv-9fj5-7kgk
21
vulnerability VCID-kw9p-5fbc-hudg
22
vulnerability VCID-kxa8-dmva-ayff
23
vulnerability VCID-p2kq-rkh6-ayeu
24
vulnerability VCID-pffp-vtk7-pqby
25
vulnerability VCID-pq29-qe7h-tkcp
26
vulnerability VCID-qm38-1cwk-b3hq
27
vulnerability VCID-tc2y-zrea-vyb2
28
vulnerability VCID-tm1s-2m92-uyh9
29
vulnerability VCID-u49v-31sv-eqc3
30
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3
2
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1nes-cr3m-j3dv
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-4f9c-aun4-wfep
3
vulnerability VCID-4x32-t75c-u3bj
4
vulnerability VCID-5pkg-j4wg-7fcn
5
vulnerability VCID-6du5-hdvd-fueb
6
vulnerability VCID-6epx-c68d-d7bv
7
vulnerability VCID-7dk3-gcup-2kc9
8
vulnerability VCID-86yd-4mkt-hydr
9
vulnerability VCID-a3yc-fxa1-gfhy
10
vulnerability VCID-ajga-3b99-yugh
11
vulnerability VCID-axxx-gpfn-mqc9
12
vulnerability VCID-bdcq-z11u-zyh5
13
vulnerability VCID-c75p-3hdz-q3b6
14
vulnerability VCID-cdgj-bdpy-ukak
15
vulnerability VCID-cfgg-fgjt-z3hn
16
vulnerability VCID-d5q3-jrdb-euav
17
vulnerability VCID-dc9y-v257-6bhf
18
vulnerability VCID-enkd-4y44-4ueq
19
vulnerability VCID-ff5q-59gf-nugg
20
vulnerability VCID-fpb7-5pwu-tyg5
21
vulnerability VCID-ftdr-uzuh-8ybc
22
vulnerability VCID-fyxa-vzeq-ubeq
23
vulnerability VCID-gme6-wj87-ekfw
24
vulnerability VCID-jx5m-bqc6-h3bv
25
vulnerability VCID-kak1-btjp-kqgz
26
vulnerability VCID-kd3t-2gzd-q3hq
27
vulnerability VCID-kgm4-g26x-gken
28
vulnerability VCID-kvhv-9fj5-7kgk
29
vulnerability VCID-kw9p-5fbc-hudg
30
vulnerability VCID-kxa8-dmva-ayff
31
vulnerability VCID-kxyq-vg6e-6uac
32
vulnerability VCID-m8w1-g9h9-vuce
33
vulnerability VCID-p2kq-rkh6-ayeu
34
vulnerability VCID-p554-wkxw-gfdh
35
vulnerability VCID-pq29-qe7h-tkcp
36
vulnerability VCID-qak9-2t7g-w3fv
37
vulnerability VCID-qjgf-hxng-j3g9
38
vulnerability VCID-qm38-1cwk-b3hq
39
vulnerability VCID-tc2y-zrea-vyb2
40
vulnerability VCID-u49v-31sv-eqc3
41
vulnerability VCID-ua49-snhx-dqa4
42
vulnerability VCID-w4fh-cpaq-nqat
43
vulnerability VCID-xnb4-zjws-vuhu
44
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
aliases GHSA-xx4r-5265-48j6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v116-gayp-mbfu
42
url VCID-ya8k-c5s5-47gx
vulnerability_id VCID-ya8k-c5s5-47gx
summary 
XSS In page name
SilverStripe is vulnerable to XSS via the page name. For instance, page name `"><svg/onload=alert(/xss/)>` will trigger an XSS alert.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d
1
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-001/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2017-001/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.2-rc1
purl pkg:composer/silverstripe/framework@3.5.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9j-ek3x-kbc5
1
vulnerability VCID-2rbk-47h6-d7d8
2
vulnerability VCID-3ydp-barm-5ya1
3
vulnerability VCID-414d-7bfm-kud7
4
vulnerability VCID-4f9c-aun4-wfep
5
vulnerability VCID-4x32-t75c-u3bj
6
vulnerability VCID-5pkg-j4wg-7fcn
7
vulnerability VCID-6du5-hdvd-fueb
8
vulnerability VCID-6epx-c68d-d7bv
9
vulnerability VCID-71cx-seqr-3fh5
10
vulnerability VCID-7dk3-gcup-2kc9
11
vulnerability VCID-86yd-4mkt-hydr
12
vulnerability VCID-a3yc-fxa1-gfhy
13
vulnerability VCID-ab5z-bqka-xudb
14
vulnerability VCID-ajga-3b99-yugh
15
vulnerability VCID-axxx-gpfn-mqc9
16
vulnerability VCID-bdcq-z11u-zyh5
17
vulnerability VCID-bmqt-5ybj-kuf6
18
vulnerability VCID-c3vp-kc9a-vkhn
19
vulnerability VCID-cdgj-bdpy-ukak
20
vulnerability VCID-eddc-w9wx-c3gq
21
vulnerability VCID-enkd-4y44-4ueq
22
vulnerability VCID-ete7-tupf-63c9
23
vulnerability VCID-fpb7-5pwu-tyg5
24
vulnerability VCID-fyxa-vzeq-ubeq
25
vulnerability VCID-g3kz-796v-4qf1
26
vulnerability VCID-j9tk-b3hv-q3c1
27
vulnerability VCID-kak1-btjp-kqgz
28
vulnerability VCID-kdyk-rrrr-pufw
29
vulnerability VCID-kh99-kpkt-pqdq
30
vulnerability VCID-kvhv-9fj5-7kgk
31
vulnerability VCID-kw9p-5fbc-hudg
32
vulnerability VCID-kxa8-dmva-ayff
33
vulnerability VCID-p2kq-rkh6-ayeu
34
vulnerability VCID-pq29-qe7h-tkcp
35
vulnerability VCID-qm38-1cwk-b3hq
36
vulnerability VCID-tc2y-zrea-vyb2
37
vulnerability VCID-tm1s-2m92-uyh9
38
vulnerability VCID-tzmx-hfk2-7ufr
39
vulnerability VCID-u49v-31sv-eqc3
40
vulnerability VCID-v116-gayp-mbfu
41
vulnerability VCID-yuer-yn1w-q3gw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1
aliases SS-2017-001
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ya8k-c5s5-47gx
43
url VCID-yuer-yn1w-q3gw
vulnerability_id VCID-yuer-yn1w-q3gw
summary 
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload
### Impact
A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.

The server-side sanitisation logic has been updated to sanitise against this type of attack.

### References
- https://www.silverstripe.org/download/security-releases/cve-2024-32981
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32981
reference_id
reference_type
scores
0
value 0.0105
scoring_system epss
scoring_elements 0.7749
published_at 2026-04-02T12:55:00Z
1
value 0.0105
scoring_system epss
scoring_elements 0.77542
published_at 2026-04-13T12:55:00Z
2
value 0.0105
scoring_system epss
scoring_elements 0.77545
published_at 2026-04-12T12:55:00Z
3
value 0.0105
scoring_system epss
scoring_elements 0.7756
published_at 2026-04-11T12:55:00Z
4
value 0.0105
scoring_system epss
scoring_elements 0.77534
published_at 2026-04-09T12:55:00Z
5
value 0.0105
scoring_system epss
scoring_elements 0.77524
published_at 2026-04-08T12:55:00Z
6
value 0.0105
scoring_system epss
scoring_elements 0.77495
published_at 2026-04-07T12:55:00Z
7
value 0.0105
scoring_system epss
scoring_elements 0.77515
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32981
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/
url https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1
4
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32981
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-32981
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2024-32981
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/
url https://www.silverstripe.org/download/security-releases/cve-2024-32981
7
reference_url https://github.com/advisories/GHSA-chx7-9x8h-r5mg
reference_id GHSA-chx7-9x8h-r5mg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-chx7-9x8h-r5mg
fixed_packages
0
url pkg:composer/silverstripe/framework@5.2.16
purl pkg:composer/silverstripe/framework@5.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6epx-c68d-d7bv
1
vulnerability VCID-a3yc-fxa1-gfhy
2
vulnerability VCID-axxx-gpfn-mqc9
3
vulnerability VCID-kvhv-9fj5-7kgk
4
vulnerability VCID-kw9p-5fbc-hudg
5
vulnerability VCID-qjgf-hxng-j3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16
aliases CVE-2024-32981, GHSA-chx7-9x8h-r5mg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yuer-yn1w-q3gw
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.0