Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/silverstripe/framework@4.0.0-alpha3
Typecomposer
Namespacesilverstripe
Nameframework
Version4.0.0-alpha3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.3.23
Latest_non_vulnerable_version6.0.0-alpha1
Affected_by_vulnerabilities
0
url VCID-11sx-j3x7-gkcr
vulnerability_id VCID-11sx-j3x7-gkcr
summary 
Reflected Cross Site Scripting (XSS) in error message
If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://www.silverstripe.org/download/security-releases/ss-2024-002
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2024-002
3
reference_url https://github.com/advisories/GHSA-74j9-xhqr-6qv3
reference_id GHSA-74j9-xhqr-6qv3
reference_type
scores
url https://github.com/advisories/GHSA-74j9-xhqr-6qv3
fixed_packages
0
url pkg:composer/silverstripe/framework@5.3.8
purl pkg:composer/silverstripe/framework@5.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hk2-hzyh-wbhf
1
vulnerability VCID-79qx-v5uu-jyf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8
aliases GHSA-74j9-xhqr-6qv3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-11sx-j3x7-gkcr
1
url VCID-1p79-328x-sueq
vulnerability_id VCID-1p79-328x-sueq
summary 
Quadratic blowup in Convert::xml2array()
Silverstripe silverstripe/framework 4.x until 4.10.9 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41559
reference_id
reference_type
scores
0
value 0.00348
scoring_system epss
scoring_elements 0.57671
published_at 2026-06-05T12:55:00Z
1
value 0.00348
scoring_system epss
scoring_elements 0.57619
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41559
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework/releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/releases
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41559
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41559
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2021-41559
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2021-41559
7
reference_url https://github.com/advisories/GHSA-9fmg-89fx-r33w
reference_id GHSA-9fmg-89fx-r33w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9fmg-89fx-r33w
fixed_packages
0
url pkg:composer/silverstripe/framework@4.10.9
purl pkg:composer/silverstripe/framework@4.10.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-2hk2-hzyh-wbhf
2
vulnerability VCID-5cfa-whq6-9ucp
3
vulnerability VCID-79qx-v5uu-jyf2
4
vulnerability VCID-7gak-15m5-j3f5
5
vulnerability VCID-7w7t-3783-1kbs
6
vulnerability VCID-86vg-4j71-hkgr
7
vulnerability VCID-8u5c-6vx3-mfcr
8
vulnerability VCID-9t4k-8hsz-bfdw
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-ca4q-xd4v-vqfe
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-k46z-g6jp-57ek
14
vulnerability VCID-ky21-z2d2-sye6
15
vulnerability VCID-uy47-3s8a-hbdn
16
vulnerability VCID-xm4q-u96p-57dd
17
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.9
1
url pkg:composer/silverstripe/framework@4.11.0-beta1
purl pkg:composer/silverstripe/framework@4.11.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-2hk2-hzyh-wbhf
2
vulnerability VCID-5cfa-whq6-9ucp
3
vulnerability VCID-79qx-v5uu-jyf2
4
vulnerability VCID-7w7t-3783-1kbs
5
vulnerability VCID-86vg-4j71-hkgr
6
vulnerability VCID-8u5c-6vx3-mfcr
7
vulnerability VCID-9t4k-8hsz-bfdw
8
vulnerability VCID-9y5u-qyzd-3ud9
9
vulnerability VCID-a7cf-kpzy-xudd
10
vulnerability VCID-ca4q-xd4v-vqfe
11
vulnerability VCID-gnpw-s9hp-wqfs
12
vulnerability VCID-k46z-g6jp-57ek
13
vulnerability VCID-ky21-z2d2-sye6
14
vulnerability VCID-uy47-3s8a-hbdn
15
vulnerability VCID-xm4q-u96p-57dd
16
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.0-beta1
aliases CVE-2021-41559, GHSA-9fmg-89fx-r33w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1p79-328x-sueq
2
url VCID-5cfa-whq6-9ucp
vulnerability_id VCID-5cfa-whq6-9ucp
summary 
Silverstripe Framework has a XSS in form messages
In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message.

Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53277
reference_id
reference_type
scores
0
value 0.01452
scoring_system epss
scoring_elements 0.81169
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53277
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/
url https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53277
reference_id CVE-2024-53277
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53277
4
reference_url https://www.silverstripe.org/download/security-releases/cve-2024-53277
reference_id CVE-2024-53277
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/
url https://www.silverstripe.org/download/security-releases/cve-2024-53277
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml
reference_id CVE-2024-53277.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml
6
reference_url https://github.com/advisories/GHSA-ff6q-3c9c-6cf5
reference_id GHSA-ff6q-3c9c-6cf5
reference_type
scores
url https://github.com/advisories/GHSA-ff6q-3c9c-6cf5
7
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5
reference_id GHSA-ff6q-3c9c-6cf5
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5
fixed_packages
0
url pkg:composer/silverstripe/framework@5.3.8
purl pkg:composer/silverstripe/framework@5.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hk2-hzyh-wbhf
1
vulnerability VCID-79qx-v5uu-jyf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8
1
url pkg:composer/silverstripe/framework@6.0.0-alpha1
purl pkg:composer/silverstripe/framework@6.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1
aliases CVE-2024-53277, GHSA-ff6q-3c9c-6cf5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5cfa-whq6-9ucp
3
url VCID-79qx-v5uu-jyf2
vulnerability_id VCID-79qx-v5uu-jyf2
summary 
Silverstripe Framework has a XSS vulnerability in HTML editor
A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.

The server-side sanitisation logic has been updated to sanitise against this attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-30148
reference_id
reference_type
scores
0
value 0.00224
scoring_system epss
scoring_elements 0.45229
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-30148
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/
url https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358
3
reference_url https://github.com/silverstripe/silverstripe-framework/pull/11682
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/pull/11682
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-30148
reference_id CVE-2025-30148
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-30148
5
reference_url https://www.silverstripe.org/download/security-releases/cve-2025-30148
reference_id CVE-2025-30148
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/
url https://www.silverstripe.org/download/security-releases/cve-2025-30148
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml
reference_id CVE-2025-30148.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml
7
reference_url https://github.com/advisories/GHSA-rhx4-hvx9-j387
reference_id GHSA-rhx4-hvx9-j387
reference_type
scores
url https://github.com/advisories/GHSA-rhx4-hvx9-j387
8
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387
reference_id GHSA-rhx4-hvx9-j387
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387
fixed_packages
0
url pkg:composer/silverstripe/framework@5.3.23
purl pkg:composer/silverstripe/framework@5.3.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.23
aliases CVE-2025-30148, GHSA-rhx4-hvx9-j387
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-79qx-v5uu-jyf2
4
url VCID-7hxq-cp29-r7dh
vulnerability_id VCID-7hxq-cp29-r7dh
summary 
Cross-site Scripting
In SilverStripe asset-admin, there is XSS in file titles managed through the CMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14272
reference_id
reference_type
scores
0
value 0.00347
scoring_system epss
scoring_elements 0.57587
published_at 2026-06-05T12:55:00Z
1
value 0.00347
scoring_system epss
scoring_elements 0.57535
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14272
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml
3
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
4
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14272
reference_id CVE-2019-14272
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14272
7
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-14272
reference_id CVE-2019-14272
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-14272
fixed_packages
0
url pkg:composer/silverstripe/framework@4.0.1-rc1
purl pkg:composer/silverstripe/framework@4.0.1-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1mmc-91gk-r3d3
2
vulnerability VCID-1p79-328x-sueq
3
vulnerability VCID-24a5-ruc4-bycq
4
vulnerability VCID-2hk2-hzyh-wbhf
5
vulnerability VCID-37d1-tt74-yyfm
6
vulnerability VCID-5cfa-whq6-9ucp
7
vulnerability VCID-79qx-v5uu-jyf2
8
vulnerability VCID-7gak-15m5-j3f5
9
vulnerability VCID-7w7t-3783-1kbs
10
vulnerability VCID-86vg-4j71-hkgr
11
vulnerability VCID-8u5c-6vx3-mfcr
12
vulnerability VCID-9t4k-8hsz-bfdw
13
vulnerability VCID-9y5u-qyzd-3ud9
14
vulnerability VCID-a1p9-cwzb-kbgb
15
vulnerability VCID-a7cf-kpzy-xudd
16
vulnerability VCID-aj7q-x4hc-xbdm
17
vulnerability VCID-aygc-4nhm-n7eq
18
vulnerability VCID-b6nm-cphj-wfgw
19
vulnerability VCID-ca4q-xd4v-vqfe
20
vulnerability VCID-cmwn-cjff-9qau
21
vulnerability VCID-fm87-te3v-pkc8
22
vulnerability VCID-fmfu-81xu-pfdy
23
vulnerability VCID-g7kn-gn2m-myc3
24
vulnerability VCID-gnpw-s9hp-wqfs
25
vulnerability VCID-h9g1-7wez-8qft
26
vulnerability VCID-hcuz-gz3w-97ew
27
vulnerability VCID-hq36-9ntc-akez
28
vulnerability VCID-k46z-g6jp-57ek
29
vulnerability VCID-ky21-z2d2-sye6
30
vulnerability VCID-m3us-9sft-wbh8
31
vulnerability VCID-n4fk-735u-2baw
32
vulnerability VCID-nute-ndg2-z7ev
33
vulnerability VCID-nzcm-xbxx-wyf9
34
vulnerability VCID-p2m9-rejx-e3e9
35
vulnerability VCID-pkve-yjqy-syc2
36
vulnerability VCID-qmfy-dxag-uuex
37
vulnerability VCID-r1eg-dwej-5kau
38
vulnerability VCID-ru3j-21j8-ayhm
39
vulnerability VCID-tsdn-bu3d-ubaf
40
vulnerability VCID-tv7h-289s-xub4
41
vulnerability VCID-uy47-3s8a-hbdn
42
vulnerability VCID-wgdv-etcq-3qhw
43
vulnerability VCID-xg74-3h1h-kqaf
44
vulnerability VCID-xm4q-u96p-57dd
45
vulnerability VCID-y8et-m846-2fc6
46
vulnerability VCID-ytbc-8mhd-b3fc
47
vulnerability VCID-yxuh-bxh5-z3cw
48
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1
1
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1mmc-91gk-r3d3
2
vulnerability VCID-1p79-328x-sueq
3
vulnerability VCID-24a5-ruc4-bycq
4
vulnerability VCID-2hk2-hzyh-wbhf
5
vulnerability VCID-5cfa-whq6-9ucp
6
vulnerability VCID-79qx-v5uu-jyf2
7
vulnerability VCID-7gak-15m5-j3f5
8
vulnerability VCID-7w7t-3783-1kbs
9
vulnerability VCID-86vg-4j71-hkgr
10
vulnerability VCID-8u5c-6vx3-mfcr
11
vulnerability VCID-9t4k-8hsz-bfdw
12
vulnerability VCID-9y5u-qyzd-3ud9
13
vulnerability VCID-a7cf-kpzy-xudd
14
vulnerability VCID-aj7q-x4hc-xbdm
15
vulnerability VCID-b6nm-cphj-wfgw
16
vulnerability VCID-ca4q-xd4v-vqfe
17
vulnerability VCID-cmwn-cjff-9qau
18
vulnerability VCID-fmfu-81xu-pfdy
19
vulnerability VCID-g7kn-gn2m-myc3
20
vulnerability VCID-gnpw-s9hp-wqfs
21
vulnerability VCID-h9g1-7wez-8qft
22
vulnerability VCID-hcuz-gz3w-97ew
23
vulnerability VCID-hq36-9ntc-akez
24
vulnerability VCID-k46z-g6jp-57ek
25
vulnerability VCID-ky21-z2d2-sye6
26
vulnerability VCID-m3us-9sft-wbh8
27
vulnerability VCID-n4fk-735u-2baw
28
vulnerability VCID-nute-ndg2-z7ev
29
vulnerability VCID-nzcm-xbxx-wyf9
30
vulnerability VCID-p2m9-rejx-e3e9
31
vulnerability VCID-pkve-yjqy-syc2
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-ru3j-21j8-ayhm
35
vulnerability VCID-tsdn-bu3d-ubaf
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-uy47-3s8a-hbdn
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-xm4q-u96p-57dd
41
vulnerability VCID-y8et-m846-2fc6
42
vulnerability VCID-ytbc-8mhd-b3fc
43
vulnerability VCID-yxuh-bxh5-z3cw
44
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
2
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-79qx-v5uu-jyf2
6
vulnerability VCID-7gak-15m5-j3f5
7
vulnerability VCID-7w7t-3783-1kbs
8
vulnerability VCID-86vg-4j71-hkgr
9
vulnerability VCID-8u5c-6vx3-mfcr
10
vulnerability VCID-9t4k-8hsz-bfdw
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-fmfu-81xu-pfdy
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-k46z-g6jp-57ek
18
vulnerability VCID-ky21-z2d2-sye6
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-pkve-yjqy-syc2
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-ru3j-21j8-ayhm
23
vulnerability VCID-tv7h-289s-xub4
24
vulnerability VCID-uy47-3s8a-hbdn
25
vulnerability VCID-wgdv-etcq-3qhw
26
vulnerability VCID-xm4q-u96p-57dd
27
vulnerability VCID-ytbc-8mhd-b3fc
28
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
3
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-5dt7-nc8t-nqgh
6
vulnerability VCID-79qx-v5uu-jyf2
7
vulnerability VCID-7gak-15m5-j3f5
8
vulnerability VCID-7w7t-3783-1kbs
9
vulnerability VCID-86vg-4j71-hkgr
10
vulnerability VCID-8u5c-6vx3-mfcr
11
vulnerability VCID-9t4k-8hsz-bfdw
12
vulnerability VCID-9y5u-qyzd-3ud9
13
vulnerability VCID-a7cf-kpzy-xudd
14
vulnerability VCID-ca4q-xd4v-vqfe
15
vulnerability VCID-fmfu-81xu-pfdy
16
vulnerability VCID-gnpw-s9hp-wqfs
17
vulnerability VCID-hcuz-gz3w-97ew
18
vulnerability VCID-k46z-g6jp-57ek
19
vulnerability VCID-ky21-z2d2-sye6
20
vulnerability VCID-n4fk-735u-2baw
21
vulnerability VCID-pkve-yjqy-syc2
22
vulnerability VCID-qmfy-dxag-uuex
23
vulnerability VCID-ru3j-21j8-ayhm
24
vulnerability VCID-tv7h-289s-xub4
25
vulnerability VCID-uy47-3s8a-hbdn
26
vulnerability VCID-wgdv-etcq-3qhw
27
vulnerability VCID-xm4q-u96p-57dd
28
vulnerability VCID-ytbc-8mhd-b3fc
29
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-14272, GHSA-jgw2-f5mx-rg7h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7hxq-cp29-r7dh
5
url VCID-86vg-4j71-hkgr
vulnerability_id VCID-86vg-4j71-hkgr
summary 
Silverstripe Framework has a XSS via insert media remote file oembed
When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47605
reference_id
reference_type
scores
0
value 0.07112
scoring_system epss
scoring_elements 0.91697
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47605
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/
url https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt
reference_id CVE-2024-47605
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47605
reference_id CVE-2024-47605
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47605
5
reference_url https://www.silverstripe.org/download/security-releases/cve-2024-47605
reference_id CVE-2024-47605
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/
url https://www.silverstripe.org/download/security-releases/cve-2024-47605
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml
reference_id CVE-2024-47605.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml
7
reference_url https://github.com/advisories/GHSA-7cmp-cgg8-4c82
reference_id GHSA-7cmp-cgg8-4c82
reference_type
scores
url https://github.com/advisories/GHSA-7cmp-cgg8-4c82
8
reference_url https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82
reference_id GHSA-7cmp-cgg8-4c82
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/
url https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82
fixed_packages
0
url pkg:composer/silverstripe/framework@5.3.8
purl pkg:composer/silverstripe/framework@5.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hk2-hzyh-wbhf
1
vulnerability VCID-79qx-v5uu-jyf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8
1
url pkg:composer/silverstripe/framework@6.0.0-alpha1
purl pkg:composer/silverstripe/framework@6.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1
aliases CVE-2024-47605, GHSA-7cmp-cgg8-4c82
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86vg-4j71-hkgr
6
url VCID-8u5c-6vx3-mfcr
vulnerability_id VCID-8u5c-6vx3-mfcr
summary 
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message
> [!IMPORTANT]
> This vulnerability only affects sites which are in the "dev" environment mode. If your production website is in "dev" mode, it has been misconfigured, and you should immediately swap it to "live" mode.
> See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.

If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
1
reference_url https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8
2
reference_url https://www.silverstripe.org/download/security-releases/ss-2024-002
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2024-002
3
reference_url https://github.com/advisories/GHSA-mqf3-qpc3-g26q
reference_id GHSA-mqf3-qpc3-g26q
reference_type
scores
url https://github.com/advisories/GHSA-mqf3-qpc3-g26q
4
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q
reference_id GHSA-mqf3-qpc3-g26q
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q
fixed_packages
0
url pkg:composer/silverstripe/framework@5.3.8
purl pkg:composer/silverstripe/framework@5.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hk2-hzyh-wbhf
1
vulnerability VCID-79qx-v5uu-jyf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8
1
url pkg:composer/silverstripe/framework@6.0.0-alpha1
purl pkg:composer/silverstripe/framework@6.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1
aliases GHSA-mqf3-qpc3-g26q
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8u5c-6vx3-mfcr
7
url VCID-9y5u-qyzd-3ud9
vulnerability_id VCID-9y5u-qyzd-3ud9
summary 
Exposure of Sensitive Information to an Unauthorized Actor
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-48714
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45478
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-48714
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-48714
reference_id CVE-2023-48714
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-48714
4
reference_url https://www.silverstripe.org/download/security-releases/CVE-2023-48714
reference_id CVE-2023-48714
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/
url https://www.silverstripe.org/download/security-releases/CVE-2023-48714
5
reference_url https://github.com/advisories/GHSA-qm2j-qvq3-j29v
reference_id GHSA-qm2j-qvq3-j29v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qm2j-qvq3-j29v
6
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v
reference_id GHSA-qm2j-qvq3-j29v
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v
fixed_packages
0
url pkg:composer/silverstripe/framework@4.13.39
purl pkg:composer/silverstripe/framework@4.13.39
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-2hk2-hzyh-wbhf
2
vulnerability VCID-5cfa-whq6-9ucp
3
vulnerability VCID-79qx-v5uu-jyf2
4
vulnerability VCID-86vg-4j71-hkgr
5
vulnerability VCID-8u5c-6vx3-mfcr
6
vulnerability VCID-k46z-g6jp-57ek
7
vulnerability VCID-ky21-z2d2-sye6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.39
1
url pkg:composer/silverstripe/framework@5.1.11
purl pkg:composer/silverstripe/framework@5.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-2hk2-hzyh-wbhf
2
vulnerability VCID-5cfa-whq6-9ucp
3
vulnerability VCID-79qx-v5uu-jyf2
4
vulnerability VCID-86vg-4j71-hkgr
5
vulnerability VCID-8u5c-6vx3-mfcr
6
vulnerability VCID-k46z-g6jp-57ek
7
vulnerability VCID-ky21-z2d2-sye6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.1.11
aliases CVE-2023-48714, GHSA-qm2j-qvq3-j29v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9y5u-qyzd-3ud9
8
url VCID-a7cf-kpzy-xudd
vulnerability_id VCID-a7cf-kpzy-xudd
summary 
URL Redirection to Untrusted Site ('Open Redirect')
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22729
reference_id
reference_type
scores
0
value 0.00203
scoring_system epss
scoring_elements 0.42323
published_at 2026-06-05T12:55:00Z
1
value 0.00203
scoring_system epss
scoring_elements 0.42248
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22729
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/
url https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77
4
reference_url https://www.silverstripe.org/download/security-releases/cve-2023-22729
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2023-22729
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22729
reference_id CVE-2023-22729
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22729
6
reference_url https://github.com/advisories/GHSA-fw84-xgm8-9jmv
reference_id GHSA-fw84-xgm8-9jmv
reference_type
scores
url https://github.com/advisories/GHSA-fw84-xgm8-9jmv
7
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv
reference_id GHSA-fw84-xgm8-9jmv
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv
fixed_packages
0
url pkg:composer/silverstripe/framework@4.12.5
purl pkg:composer/silverstripe/framework@4.12.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-2hk2-hzyh-wbhf
2
vulnerability VCID-5cfa-whq6-9ucp
3
vulnerability VCID-79qx-v5uu-jyf2
4
vulnerability VCID-86vg-4j71-hkgr
5
vulnerability VCID-8u5c-6vx3-mfcr
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-gnpw-s9hp-wqfs
8
vulnerability VCID-k46z-g6jp-57ek
9
vulnerability VCID-ky21-z2d2-sye6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5
aliases CVE-2023-22729, GHSA-fw84-xgm8-9jmv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7cf-kpzy-xudd
9
url VCID-b6nm-cphj-wfgw
vulnerability_id VCID-b6nm-cphj-wfgw
summary 
Improper Privilege Management
In SilverStripe, there is access escalation for CMS users with limited access through permission cache pollution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12617
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.53948
published_at 2026-06-04T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.54005
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12617
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml
3
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12617
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12617
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12617
reference_id CVE-2019-12617
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12617
8
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12617/
reference_id CVE-2019-12617
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-12617/
9
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12617
reference_id CVE-2019-12617
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12617
10
reference_url https://github.com/advisories/GHSA-6r58-4xgr-gm6m
reference_id GHSA-6r58-4xgr-gm6m
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6r58-4xgr-gm6m
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-79qx-v5uu-jyf2
6
vulnerability VCID-7gak-15m5-j3f5
7
vulnerability VCID-7w7t-3783-1kbs
8
vulnerability VCID-86vg-4j71-hkgr
9
vulnerability VCID-8u5c-6vx3-mfcr
10
vulnerability VCID-9t4k-8hsz-bfdw
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-fmfu-81xu-pfdy
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-k46z-g6jp-57ek
18
vulnerability VCID-ky21-z2d2-sye6
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-nzcm-xbxx-wyf9
21
vulnerability VCID-pkve-yjqy-syc2
22
vulnerability VCID-qmfy-dxag-uuex
23
vulnerability VCID-ru3j-21j8-ayhm
24
vulnerability VCID-tv7h-289s-xub4
25
vulnerability VCID-uy47-3s8a-hbdn
26
vulnerability VCID-wgdv-etcq-3qhw
27
vulnerability VCID-xm4q-u96p-57dd
28
vulnerability VCID-ytbc-8mhd-b3fc
29
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-79qx-v5uu-jyf2
6
vulnerability VCID-7gak-15m5-j3f5
7
vulnerability VCID-7w7t-3783-1kbs
8
vulnerability VCID-86vg-4j71-hkgr
9
vulnerability VCID-8u5c-6vx3-mfcr
10
vulnerability VCID-9t4k-8hsz-bfdw
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-fmfu-81xu-pfdy
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-k46z-g6jp-57ek
18
vulnerability VCID-ky21-z2d2-sye6
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-pkve-yjqy-syc2
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-ru3j-21j8-ayhm
23
vulnerability VCID-tv7h-289s-xub4
24
vulnerability VCID-uy47-3s8a-hbdn
25
vulnerability VCID-wgdv-etcq-3qhw
26
vulnerability VCID-xm4q-u96p-57dd
27
vulnerability VCID-ytbc-8mhd-b3fc
28
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
2
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-5dt7-nc8t-nqgh
6
vulnerability VCID-79qx-v5uu-jyf2
7
vulnerability VCID-7gak-15m5-j3f5
8
vulnerability VCID-7w7t-3783-1kbs
9
vulnerability VCID-86vg-4j71-hkgr
10
vulnerability VCID-8u5c-6vx3-mfcr
11
vulnerability VCID-9t4k-8hsz-bfdw
12
vulnerability VCID-9y5u-qyzd-3ud9
13
vulnerability VCID-a7cf-kpzy-xudd
14
vulnerability VCID-ca4q-xd4v-vqfe
15
vulnerability VCID-fmfu-81xu-pfdy
16
vulnerability VCID-gnpw-s9hp-wqfs
17
vulnerability VCID-hcuz-gz3w-97ew
18
vulnerability VCID-k46z-g6jp-57ek
19
vulnerability VCID-ky21-z2d2-sye6
20
vulnerability VCID-n4fk-735u-2baw
21
vulnerability VCID-pkve-yjqy-syc2
22
vulnerability VCID-qmfy-dxag-uuex
23
vulnerability VCID-ru3j-21j8-ayhm
24
vulnerability VCID-tv7h-289s-xub4
25
vulnerability VCID-uy47-3s8a-hbdn
26
vulnerability VCID-wgdv-etcq-3qhw
27
vulnerability VCID-xm4q-u96p-57dd
28
vulnerability VCID-ytbc-8mhd-b3fc
29
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12617, GHSA-6r58-4xgr-gm6m
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b6nm-cphj-wfgw
10
url VCID-cmwn-cjff-9qau
vulnerability_id VCID-cmwn-cjff-9qau
summary 
Session Fixation
SilverStripe allows session fixation in the "change password" form.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12203
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.17184
published_at 2026-06-05T12:55:00Z
1
value 0.00054
scoring_system epss
scoring_elements 0.17108
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12203
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml
3
reference_url https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12203
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12203
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12203
reference_id CVE-2019-12203
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12203
8
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12203/
reference_id CVE-2019-12203
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-12203/
9
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12203
reference_id CVE-2019-12203
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12203
10
reference_url https://github.com/advisories/GHSA-w7r7-r8r9-vrg2
reference_id GHSA-w7r7-r8r9-vrg2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w7r7-r8r9-vrg2
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-79qx-v5uu-jyf2
6
vulnerability VCID-7gak-15m5-j3f5
7
vulnerability VCID-7w7t-3783-1kbs
8
vulnerability VCID-86vg-4j71-hkgr
9
vulnerability VCID-8u5c-6vx3-mfcr
10
vulnerability VCID-9t4k-8hsz-bfdw
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-fmfu-81xu-pfdy
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-k46z-g6jp-57ek
18
vulnerability VCID-ky21-z2d2-sye6
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-nzcm-xbxx-wyf9
21
vulnerability VCID-pkve-yjqy-syc2
22
vulnerability VCID-qmfy-dxag-uuex
23
vulnerability VCID-ru3j-21j8-ayhm
24
vulnerability VCID-tv7h-289s-xub4
25
vulnerability VCID-uy47-3s8a-hbdn
26
vulnerability VCID-wgdv-etcq-3qhw
27
vulnerability VCID-xm4q-u96p-57dd
28
vulnerability VCID-ytbc-8mhd-b3fc
29
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-79qx-v5uu-jyf2
6
vulnerability VCID-7gak-15m5-j3f5
7
vulnerability VCID-7w7t-3783-1kbs
8
vulnerability VCID-86vg-4j71-hkgr
9
vulnerability VCID-8u5c-6vx3-mfcr
10
vulnerability VCID-9t4k-8hsz-bfdw
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-fmfu-81xu-pfdy
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-k46z-g6jp-57ek
18
vulnerability VCID-ky21-z2d2-sye6
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-pkve-yjqy-syc2
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-ru3j-21j8-ayhm
23
vulnerability VCID-tv7h-289s-xub4
24
vulnerability VCID-uy47-3s8a-hbdn
25
vulnerability VCID-wgdv-etcq-3qhw
26
vulnerability VCID-xm4q-u96p-57dd
27
vulnerability VCID-ytbc-8mhd-b3fc
28
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
2
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-5dt7-nc8t-nqgh
6
vulnerability VCID-79qx-v5uu-jyf2
7
vulnerability VCID-7gak-15m5-j3f5
8
vulnerability VCID-7w7t-3783-1kbs
9
vulnerability VCID-86vg-4j71-hkgr
10
vulnerability VCID-8u5c-6vx3-mfcr
11
vulnerability VCID-9t4k-8hsz-bfdw
12
vulnerability VCID-9y5u-qyzd-3ud9
13
vulnerability VCID-a7cf-kpzy-xudd
14
vulnerability VCID-ca4q-xd4v-vqfe
15
vulnerability VCID-fmfu-81xu-pfdy
16
vulnerability VCID-gnpw-s9hp-wqfs
17
vulnerability VCID-hcuz-gz3w-97ew
18
vulnerability VCID-k46z-g6jp-57ek
19
vulnerability VCID-ky21-z2d2-sye6
20
vulnerability VCID-n4fk-735u-2baw
21
vulnerability VCID-pkve-yjqy-syc2
22
vulnerability VCID-qmfy-dxag-uuex
23
vulnerability VCID-ru3j-21j8-ayhm
24
vulnerability VCID-tv7h-289s-xub4
25
vulnerability VCID-uy47-3s8a-hbdn
26
vulnerability VCID-wgdv-etcq-3qhw
27
vulnerability VCID-xm4q-u96p-57dd
28
vulnerability VCID-ytbc-8mhd-b3fc
29
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12203, GHSA-w7r7-r8r9-vrg2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmwn-cjff-9qau
11
url VCID-gnpw-s9hp-wqfs
vulnerability_id VCID-gnpw-s9hp-wqfs
summary 
Improper Input Validation
Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml
1
reference_url https://github.com/github/advisory-database/pull/2575
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/2575
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4
4
reference_url https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14
5
reference_url https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13
6
reference_url https://www.silverstripe.org/download/security-releases/CVE-2023-32302
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2023-32302
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32302
reference_id CVE-2023-32302
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32302
8
reference_url https://github.com/advisories/GHSA-36xx-7vf6-7mv3
reference_id GHSA-36xx-7vf6-7mv3
reference_type
scores
url https://github.com/advisories/GHSA-36xx-7vf6-7mv3
9
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3
reference_id GHSA-36xx-7vf6-7mv3
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3
fixed_packages
0
url pkg:composer/silverstripe/framework@4.13.14
purl pkg:composer/silverstripe/framework@4.13.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-2hk2-hzyh-wbhf
2
vulnerability VCID-5cfa-whq6-9ucp
3
vulnerability VCID-79qx-v5uu-jyf2
4
vulnerability VCID-86vg-4j71-hkgr
5
vulnerability VCID-8u5c-6vx3-mfcr
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-k46z-g6jp-57ek
8
vulnerability VCID-ky21-z2d2-sye6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.14
1
url pkg:composer/silverstripe/framework@5.0.13
purl pkg:composer/silverstripe/framework@5.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-2hk2-hzyh-wbhf
2
vulnerability VCID-5cfa-whq6-9ucp
3
vulnerability VCID-79qx-v5uu-jyf2
4
vulnerability VCID-86vg-4j71-hkgr
5
vulnerability VCID-8u5c-6vx3-mfcr
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-k46z-g6jp-57ek
8
vulnerability VCID-ky21-z2d2-sye6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.0.13
aliases CVE-2023-32302, GHSA-36xx-7vf6-7mv3
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gnpw-s9hp-wqfs
12
url VCID-hcuz-gz3w-97ew
vulnerability_id VCID-hcuz-gz3w-97ew
summary Business Logic Errors in GitHub repository silverstripe/silverstripe-framework
references
0
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
1
reference_url https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2
2
reference_url https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0227
reference_id CVE-2022-0227
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0227
4
reference_url https://github.com/advisories/GHSA-32m2-9f76-4gv8
reference_id GHSA-32m2-9f76-4gv8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-32m2-9f76-4gv8
fixed_packages
0
url pkg:composer/silverstripe/framework@4.10.1
purl pkg:composer/silverstripe/framework@4.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-79qx-v5uu-jyf2
6
vulnerability VCID-7gak-15m5-j3f5
7
vulnerability VCID-7w7t-3783-1kbs
8
vulnerability VCID-86vg-4j71-hkgr
9
vulnerability VCID-8u5c-6vx3-mfcr
10
vulnerability VCID-9t4k-8hsz-bfdw
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-fmfu-81xu-pfdy
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-k46z-g6jp-57ek
17
vulnerability VCID-ky21-z2d2-sye6
18
vulnerability VCID-uy47-3s8a-hbdn
19
vulnerability VCID-xm4q-u96p-57dd
20
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.1
aliases CVE-2022-0227, GHSA-32m2-9f76-4gv8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hcuz-gz3w-97ew
13
url VCID-k46z-g6jp-57ek
vulnerability_id VCID-k46z-g6jp-57ek
summary 
Silverstripe uses TinyMCE which allows svg files linked in object tags
TinyMCE v6 has a configuration value `convert_unsafe_embeds` set to `false` which allows svg files containing javascript to be used in `<object>` or `<embed>` tags, which can be used as a vector for XSS attacks.

Note that `<embed>` tags are not allowed by default.

After patching the default value of `convert_unsafe_embeds` will be set to `true`. This means that `<object>` tags will be converted to iframes instead the next time the page is saved, which may break any pages that rely upon previously saved `<object>` tags. Developers can override this configuration if desired to revert to the original behaviour.

We reviewed the potential impact of this vulnerability within the context of Silverstripe CMS. We concluded this is a medium impact vulnerability given how TinyMCE is used by Silverstripe CMS.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://www.silverstripe.org/download/security-releases/ss-2024-001
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2024-001
3
reference_url https://github.com/advisories/GHSA-52cw-pvq9-9m5v
reference_id GHSA-52cw-pvq9-9m5v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-52cw-pvq9-9m5v
4
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v
reference_id GHSA-52cw-pvq9-9m5v
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v
5
reference_url https://github.com/advisories/GHSA-5359-pvf2-pw78
reference_id GHSA-5359-pvf2-pw78
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-5359-pvf2-pw78
fixed_packages
0
url pkg:composer/silverstripe/framework@5.2.16
purl pkg:composer/silverstripe/framework@5.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-2hk2-hzyh-wbhf
2
vulnerability VCID-5cfa-whq6-9ucp
3
vulnerability VCID-79qx-v5uu-jyf2
4
vulnerability VCID-86vg-4j71-hkgr
5
vulnerability VCID-8u5c-6vx3-mfcr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16
aliases GHSA-52cw-pvq9-9m5v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k46z-g6jp-57ek
14
url VCID-ky21-z2d2-sye6
vulnerability_id VCID-ky21-z2d2-sye6
summary 
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload
A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.

The server-side sanitisation logic has been updated to sanitise against this type of attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32981
reference_id
reference_type
scores
0
value 0.0105
scoring_system epss
scoring_elements 0.7791
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32981
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/
url https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32981
reference_id CVE-2024-32981
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-32981
4
reference_url https://www.silverstripe.org/download/security-releases/cve-2024-32981
reference_id CVE-2024-32981
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/
url https://www.silverstripe.org/download/security-releases/cve-2024-32981
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml
reference_id CVE-2024-32981.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml
6
reference_url https://github.com/advisories/GHSA-chx7-9x8h-r5mg
reference_id GHSA-chx7-9x8h-r5mg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-chx7-9x8h-r5mg
7
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg
reference_id GHSA-chx7-9x8h-r5mg
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg
fixed_packages
0
url pkg:composer/silverstripe/framework@5.2.16
purl pkg:composer/silverstripe/framework@5.2.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-2hk2-hzyh-wbhf
2
vulnerability VCID-5cfa-whq6-9ucp
3
vulnerability VCID-79qx-v5uu-jyf2
4
vulnerability VCID-86vg-4j71-hkgr
5
vulnerability VCID-8u5c-6vx3-mfcr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16
aliases CVE-2024-32981, GHSA-chx7-9x8h-r5mg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ky21-z2d2-sye6
15
url VCID-mkex-ht2r-cucz
vulnerability_id VCID-mkex-ht2r-cucz
summary 
Files or Directories Accessible to External Parties
In SilverStripe, there is broken access control on files.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14273
reference_id
reference_type
scores
0
value 0.00336
scoring_system epss
scoring_elements 0.56702
published_at 2026-06-04T12:55:00Z
1
value 0.00336
scoring_system epss
scoring_elements 0.56754
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14273
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml
4
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14273
reference_id CVE-2019-14273
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14273
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-14273
reference_id CVE-2019-14273
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-14273
9
reference_url https://github.com/advisories/GHSA-43jj-2rwc-2m3f
reference_id GHSA-43jj-2rwc-2m3f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43jj-2rwc-2m3f
fixed_packages
0
url pkg:composer/silverstripe/framework@4.0.1-rc1
purl pkg:composer/silverstripe/framework@4.0.1-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1mmc-91gk-r3d3
2
vulnerability VCID-1p79-328x-sueq
3
vulnerability VCID-24a5-ruc4-bycq
4
vulnerability VCID-2hk2-hzyh-wbhf
5
vulnerability VCID-37d1-tt74-yyfm
6
vulnerability VCID-5cfa-whq6-9ucp
7
vulnerability VCID-79qx-v5uu-jyf2
8
vulnerability VCID-7gak-15m5-j3f5
9
vulnerability VCID-7w7t-3783-1kbs
10
vulnerability VCID-86vg-4j71-hkgr
11
vulnerability VCID-8u5c-6vx3-mfcr
12
vulnerability VCID-9t4k-8hsz-bfdw
13
vulnerability VCID-9y5u-qyzd-3ud9
14
vulnerability VCID-a1p9-cwzb-kbgb
15
vulnerability VCID-a7cf-kpzy-xudd
16
vulnerability VCID-aj7q-x4hc-xbdm
17
vulnerability VCID-aygc-4nhm-n7eq
18
vulnerability VCID-b6nm-cphj-wfgw
19
vulnerability VCID-ca4q-xd4v-vqfe
20
vulnerability VCID-cmwn-cjff-9qau
21
vulnerability VCID-fm87-te3v-pkc8
22
vulnerability VCID-fmfu-81xu-pfdy
23
vulnerability VCID-g7kn-gn2m-myc3
24
vulnerability VCID-gnpw-s9hp-wqfs
25
vulnerability VCID-h9g1-7wez-8qft
26
vulnerability VCID-hcuz-gz3w-97ew
27
vulnerability VCID-hq36-9ntc-akez
28
vulnerability VCID-k46z-g6jp-57ek
29
vulnerability VCID-ky21-z2d2-sye6
30
vulnerability VCID-m3us-9sft-wbh8
31
vulnerability VCID-n4fk-735u-2baw
32
vulnerability VCID-nute-ndg2-z7ev
33
vulnerability VCID-nzcm-xbxx-wyf9
34
vulnerability VCID-p2m9-rejx-e3e9
35
vulnerability VCID-pkve-yjqy-syc2
36
vulnerability VCID-qmfy-dxag-uuex
37
vulnerability VCID-r1eg-dwej-5kau
38
vulnerability VCID-ru3j-21j8-ayhm
39
vulnerability VCID-tsdn-bu3d-ubaf
40
vulnerability VCID-tv7h-289s-xub4
41
vulnerability VCID-uy47-3s8a-hbdn
42
vulnerability VCID-wgdv-etcq-3qhw
43
vulnerability VCID-xg74-3h1h-kqaf
44
vulnerability VCID-xm4q-u96p-57dd
45
vulnerability VCID-y8et-m846-2fc6
46
vulnerability VCID-ytbc-8mhd-b3fc
47
vulnerability VCID-yxuh-bxh5-z3cw
48
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1
1
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1mmc-91gk-r3d3
2
vulnerability VCID-1p79-328x-sueq
3
vulnerability VCID-24a5-ruc4-bycq
4
vulnerability VCID-2hk2-hzyh-wbhf
5
vulnerability VCID-5cfa-whq6-9ucp
6
vulnerability VCID-79qx-v5uu-jyf2
7
vulnerability VCID-7gak-15m5-j3f5
8
vulnerability VCID-7w7t-3783-1kbs
9
vulnerability VCID-86vg-4j71-hkgr
10
vulnerability VCID-8u5c-6vx3-mfcr
11
vulnerability VCID-9t4k-8hsz-bfdw
12
vulnerability VCID-9y5u-qyzd-3ud9
13
vulnerability VCID-a7cf-kpzy-xudd
14
vulnerability VCID-aj7q-x4hc-xbdm
15
vulnerability VCID-b6nm-cphj-wfgw
16
vulnerability VCID-ca4q-xd4v-vqfe
17
vulnerability VCID-cmwn-cjff-9qau
18
vulnerability VCID-fmfu-81xu-pfdy
19
vulnerability VCID-g7kn-gn2m-myc3
20
vulnerability VCID-gnpw-s9hp-wqfs
21
vulnerability VCID-h9g1-7wez-8qft
22
vulnerability VCID-hcuz-gz3w-97ew
23
vulnerability VCID-hq36-9ntc-akez
24
vulnerability VCID-k46z-g6jp-57ek
25
vulnerability VCID-ky21-z2d2-sye6
26
vulnerability VCID-m3us-9sft-wbh8
27
vulnerability VCID-n4fk-735u-2baw
28
vulnerability VCID-nute-ndg2-z7ev
29
vulnerability VCID-nzcm-xbxx-wyf9
30
vulnerability VCID-p2m9-rejx-e3e9
31
vulnerability VCID-pkve-yjqy-syc2
32
vulnerability VCID-qmfy-dxag-uuex
33
vulnerability VCID-r1eg-dwej-5kau
34
vulnerability VCID-ru3j-21j8-ayhm
35
vulnerability VCID-tsdn-bu3d-ubaf
36
vulnerability VCID-tv7h-289s-xub4
37
vulnerability VCID-uy47-3s8a-hbdn
38
vulnerability VCID-wgdv-etcq-3qhw
39
vulnerability VCID-xg74-3h1h-kqaf
40
vulnerability VCID-xm4q-u96p-57dd
41
vulnerability VCID-y8et-m846-2fc6
42
vulnerability VCID-ytbc-8mhd-b3fc
43
vulnerability VCID-yxuh-bxh5-z3cw
44
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
2
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-79qx-v5uu-jyf2
6
vulnerability VCID-7gak-15m5-j3f5
7
vulnerability VCID-7w7t-3783-1kbs
8
vulnerability VCID-86vg-4j71-hkgr
9
vulnerability VCID-8u5c-6vx3-mfcr
10
vulnerability VCID-9t4k-8hsz-bfdw
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-fmfu-81xu-pfdy
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-k46z-g6jp-57ek
18
vulnerability VCID-ky21-z2d2-sye6
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-pkve-yjqy-syc2
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-ru3j-21j8-ayhm
23
vulnerability VCID-tv7h-289s-xub4
24
vulnerability VCID-uy47-3s8a-hbdn
25
vulnerability VCID-wgdv-etcq-3qhw
26
vulnerability VCID-xm4q-u96p-57dd
27
vulnerability VCID-ytbc-8mhd-b3fc
28
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
3
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-5dt7-nc8t-nqgh
6
vulnerability VCID-79qx-v5uu-jyf2
7
vulnerability VCID-7gak-15m5-j3f5
8
vulnerability VCID-7w7t-3783-1kbs
9
vulnerability VCID-86vg-4j71-hkgr
10
vulnerability VCID-8u5c-6vx3-mfcr
11
vulnerability VCID-9t4k-8hsz-bfdw
12
vulnerability VCID-9y5u-qyzd-3ud9
13
vulnerability VCID-a7cf-kpzy-xudd
14
vulnerability VCID-ca4q-xd4v-vqfe
15
vulnerability VCID-fmfu-81xu-pfdy
16
vulnerability VCID-gnpw-s9hp-wqfs
17
vulnerability VCID-hcuz-gz3w-97ew
18
vulnerability VCID-k46z-g6jp-57ek
19
vulnerability VCID-ky21-z2d2-sye6
20
vulnerability VCID-n4fk-735u-2baw
21
vulnerability VCID-pkve-yjqy-syc2
22
vulnerability VCID-qmfy-dxag-uuex
23
vulnerability VCID-ru3j-21j8-ayhm
24
vulnerability VCID-tv7h-289s-xub4
25
vulnerability VCID-uy47-3s8a-hbdn
26
vulnerability VCID-wgdv-etcq-3qhw
27
vulnerability VCID-xm4q-u96p-57dd
28
vulnerability VCID-ytbc-8mhd-b3fc
29
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-14273, GHSA-43jj-2rwc-2m3f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkex-ht2r-cucz
16
url VCID-n4fk-735u-2baw
vulnerability_id VCID-n4fk-735u-2baw
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
SilverStripe Framework suffers from a XSS vulnerablity.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36150
reference_id
reference_type
scores
0
value 0.00372
scoring_system epss
scoring_elements 0.5931
published_at 2026-06-05T12:55:00Z
1
value 0.00372
scoring_system epss
scoring_elements 0.5926
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36150
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/releases
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-36150
reference_id CVE-2021-36150
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-36150
5
reference_url https://www.silverstripe.org/download/security-releases/CVE-2021-36150
reference_id CVE-2021-36150
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2021-36150
6
reference_url https://github.com/advisories/GHSA-j66h-cc96-c32q
reference_id GHSA-j66h-cc96-c32q
reference_type
scores
url https://github.com/advisories/GHSA-j66h-cc96-c32q
fixed_packages
0
url pkg:composer/silverstripe/framework@4.9.0-alpha1
purl pkg:composer/silverstripe/framework@4.9.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-79qx-v5uu-jyf2
6
vulnerability VCID-7gak-15m5-j3f5
7
vulnerability VCID-7w7t-3783-1kbs
8
vulnerability VCID-86vg-4j71-hkgr
9
vulnerability VCID-8u5c-6vx3-mfcr
10
vulnerability VCID-9t4k-8hsz-bfdw
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-fmfu-81xu-pfdy
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-k46z-g6jp-57ek
18
vulnerability VCID-ky21-z2d2-sye6
19
vulnerability VCID-uy47-3s8a-hbdn
20
vulnerability VCID-xm4q-u96p-57dd
21
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0-alpha1
1
url pkg:composer/silverstripe/framework@4.9.0
purl pkg:composer/silverstripe/framework@4.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-79qx-v5uu-jyf2
6
vulnerability VCID-7gak-15m5-j3f5
7
vulnerability VCID-7w7t-3783-1kbs
8
vulnerability VCID-86vg-4j71-hkgr
9
vulnerability VCID-8u5c-6vx3-mfcr
10
vulnerability VCID-9t4k-8hsz-bfdw
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-fmfu-81xu-pfdy
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-k46z-g6jp-57ek
18
vulnerability VCID-ky21-z2d2-sye6
19
vulnerability VCID-uy47-3s8a-hbdn
20
vulnerability VCID-xm4q-u96p-57dd
21
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0
aliases CVE-2021-36150, GHSA-j66h-cc96-c32q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n4fk-735u-2baw
17
url VCID-nute-ndg2-z7ev
vulnerability_id VCID-nute-ndg2-z7ev
summary 
Cross-site Scripting
SilverStripe has Flash Clipboard Reflected XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12205
reference_id
reference_type
scores
0
value 0.00378
scoring_system epss
scoring_elements 0.59631
published_at 2026-06-04T12:55:00Z
1
value 0.00378
scoring_system epss
scoring_elements 0.59681
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12205
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml
3
reference_url https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12205
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12205
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12205
reference_id CVE-2019-12205
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12205
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12205
reference_id CVE-2019-12205
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12205
9
reference_url https://github.com/advisories/GHSA-rfvw-5848-gxc5
reference_id GHSA-rfvw-5848-gxc5
reference_type
scores
url https://github.com/advisories/GHSA-rfvw-5848-gxc5
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-79qx-v5uu-jyf2
6
vulnerability VCID-7gak-15m5-j3f5
7
vulnerability VCID-7w7t-3783-1kbs
8
vulnerability VCID-86vg-4j71-hkgr
9
vulnerability VCID-8u5c-6vx3-mfcr
10
vulnerability VCID-9t4k-8hsz-bfdw
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-fmfu-81xu-pfdy
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-k46z-g6jp-57ek
18
vulnerability VCID-ky21-z2d2-sye6
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-nzcm-xbxx-wyf9
21
vulnerability VCID-pkve-yjqy-syc2
22
vulnerability VCID-qmfy-dxag-uuex
23
vulnerability VCID-ru3j-21j8-ayhm
24
vulnerability VCID-tv7h-289s-xub4
25
vulnerability VCID-uy47-3s8a-hbdn
26
vulnerability VCID-wgdv-etcq-3qhw
27
vulnerability VCID-xm4q-u96p-57dd
28
vulnerability VCID-ytbc-8mhd-b3fc
29
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-79qx-v5uu-jyf2
6
vulnerability VCID-7gak-15m5-j3f5
7
vulnerability VCID-7w7t-3783-1kbs
8
vulnerability VCID-86vg-4j71-hkgr
9
vulnerability VCID-8u5c-6vx3-mfcr
10
vulnerability VCID-9t4k-8hsz-bfdw
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-fmfu-81xu-pfdy
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-k46z-g6jp-57ek
18
vulnerability VCID-ky21-z2d2-sye6
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-pkve-yjqy-syc2
21
vulnerability VCID-qmfy-dxag-uuex
22
vulnerability VCID-ru3j-21j8-ayhm
23
vulnerability VCID-tv7h-289s-xub4
24
vulnerability VCID-uy47-3s8a-hbdn
25
vulnerability VCID-wgdv-etcq-3qhw
26
vulnerability VCID-xm4q-u96p-57dd
27
vulnerability VCID-ytbc-8mhd-b3fc
28
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
2
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-5dt7-nc8t-nqgh
6
vulnerability VCID-79qx-v5uu-jyf2
7
vulnerability VCID-7gak-15m5-j3f5
8
vulnerability VCID-7w7t-3783-1kbs
9
vulnerability VCID-86vg-4j71-hkgr
10
vulnerability VCID-8u5c-6vx3-mfcr
11
vulnerability VCID-9t4k-8hsz-bfdw
12
vulnerability VCID-9y5u-qyzd-3ud9
13
vulnerability VCID-a7cf-kpzy-xudd
14
vulnerability VCID-ca4q-xd4v-vqfe
15
vulnerability VCID-fmfu-81xu-pfdy
16
vulnerability VCID-gnpw-s9hp-wqfs
17
vulnerability VCID-hcuz-gz3w-97ew
18
vulnerability VCID-k46z-g6jp-57ek
19
vulnerability VCID-ky21-z2d2-sye6
20
vulnerability VCID-n4fk-735u-2baw
21
vulnerability VCID-pkve-yjqy-syc2
22
vulnerability VCID-qmfy-dxag-uuex
23
vulnerability VCID-ru3j-21j8-ayhm
24
vulnerability VCID-tv7h-289s-xub4
25
vulnerability VCID-uy47-3s8a-hbdn
26
vulnerability VCID-wgdv-etcq-3qhw
27
vulnerability VCID-xm4q-u96p-57dd
28
vulnerability VCID-ytbc-8mhd-b3fc
29
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12205, GHSA-rfvw-5848-gxc5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nute-ndg2-z7ev
18
url VCID-qmfy-dxag-uuex
vulnerability_id VCID-qmfy-dxag-uuex
summary 
Improper Authentication
In SilverStripe, GraphQL does not honour MFA (multi-factor authentication) when using basic authentication.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26136
reference_id
reference_type
scores
0
value 0.00216
scoring_system epss
scoring_elements 0.44223
published_at 2026-06-05T12:55:00Z
1
value 0.00216
scoring_system epss
scoring_elements 0.44155
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26136
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml
3
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26136
reference_id CVE-2020-26136
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26136
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-26136
reference_id CVE-2020-26136
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2020-26136
8
reference_url https://github.com/advisories/GHSA-mg2g-8pwj-r2j2
reference_id GHSA-mg2g-8pwj-r2j2
reference_type
scores
url https://github.com/advisories/GHSA-mg2g-8pwj-r2j2
fixed_packages
0
url pkg:composer/silverstripe/framework@4.6.0
purl pkg:composer/silverstripe/framework@4.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-79qx-v5uu-jyf2
6
vulnerability VCID-7gak-15m5-j3f5
7
vulnerability VCID-7w7t-3783-1kbs
8
vulnerability VCID-86vg-4j71-hkgr
9
vulnerability VCID-8u5c-6vx3-mfcr
10
vulnerability VCID-9t4k-8hsz-bfdw
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-fmfu-81xu-pfdy
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-k46z-g6jp-57ek
18
vulnerability VCID-ky21-z2d2-sye6
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-uy47-3s8a-hbdn
21
vulnerability VCID-xm4q-u96p-57dd
22
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0
aliases CVE-2020-26136, GHSA-mg2g-8pwj-r2j2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qmfy-dxag-uuex
19
url VCID-r1eg-dwej-5kau
vulnerability_id VCID-r1eg-dwej-5kau
summary 
Cross-Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12437
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.41982
published_at 2026-06-04T12:55:00Z
1
value 0.002
scoring_system epss
scoring_elements 0.42056
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12437
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml
3
reference_url https://github.com/silverstripe/silverstripe-graphql
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql
4
reference_url https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c
5
reference_url https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff
6
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
url https://www.silverstripe.org/blog/tag/release
7
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12437
reference_id CVE-2019-12437
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12437
9
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12437
reference_id CVE-2019-12437
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12437
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-79qx-v5uu-jyf2
6
vulnerability VCID-7gak-15m5-j3f5
7
vulnerability VCID-7w7t-3783-1kbs
8
vulnerability VCID-86vg-4j71-hkgr
9
vulnerability VCID-8u5c-6vx3-mfcr
10
vulnerability VCID-9t4k-8hsz-bfdw
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-fmfu-81xu-pfdy
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-k46z-g6jp-57ek
18
vulnerability VCID-ky21-z2d2-sye6
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-nzcm-xbxx-wyf9
21
vulnerability VCID-pkve-yjqy-syc2
22
vulnerability VCID-qmfy-dxag-uuex
23
vulnerability VCID-ru3j-21j8-ayhm
24
vulnerability VCID-tv7h-289s-xub4
25
vulnerability VCID-uy47-3s8a-hbdn
26
vulnerability VCID-wgdv-etcq-3qhw
27
vulnerability VCID-xm4q-u96p-57dd
28
vulnerability VCID-ytbc-8mhd-b3fc
29
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
aliases CVE-2019-12437, GHSA-fx37-56v6-85q6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1eg-dwej-5kau
20
url VCID-tv7h-289s-xub4
vulnerability_id VCID-tv7h-289s-xub4
summary 
Improper Restriction of XML External Entity Reference
SilverStripe has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25817
reference_id
reference_type
scores
0
value 0.00348
scoring_system epss
scoring_elements 0.5767
published_at 2026-06-05T12:55:00Z
1
value 0.00348
scoring_system epss
scoring_elements 0.57618
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25817
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2021-25817
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2021-25817
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25817
reference_id CVE-2020-25817
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25817
8
reference_url https://github.com/advisories/GHSA-3vjc-5x79-m9r8
reference_id GHSA-3vjc-5x79-m9r8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3vjc-5x79-m9r8
fixed_packages
0
url pkg:composer/silverstripe/framework@4.6.0
purl pkg:composer/silverstripe/framework@4.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-79qx-v5uu-jyf2
6
vulnerability VCID-7gak-15m5-j3f5
7
vulnerability VCID-7w7t-3783-1kbs
8
vulnerability VCID-86vg-4j71-hkgr
9
vulnerability VCID-8u5c-6vx3-mfcr
10
vulnerability VCID-9t4k-8hsz-bfdw
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-fmfu-81xu-pfdy
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-k46z-g6jp-57ek
18
vulnerability VCID-ky21-z2d2-sye6
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-uy47-3s8a-hbdn
21
vulnerability VCID-xm4q-u96p-57dd
22
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0
1
url pkg:composer/silverstripe/framework@4.7.4
purl pkg:composer/silverstripe/framework@4.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-79qx-v5uu-jyf2
6
vulnerability VCID-7gak-15m5-j3f5
7
vulnerability VCID-7w7t-3783-1kbs
8
vulnerability VCID-86vg-4j71-hkgr
9
vulnerability VCID-8u5c-6vx3-mfcr
10
vulnerability VCID-9t4k-8hsz-bfdw
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-fmfu-81xu-pfdy
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-k46z-g6jp-57ek
18
vulnerability VCID-ky21-z2d2-sye6
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-uy47-3s8a-hbdn
21
vulnerability VCID-xm4q-u96p-57dd
22
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4
aliases CVE-2020-25817, GHSA-3vjc-5x79-m9r8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tv7h-289s-xub4
21
url VCID-uy47-3s8a-hbdn
vulnerability_id VCID-uy47-3s8a-hbdn
summary 
Silverstipe CMS Stored XSS in custom meta tags
A malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut.
This requires CMS access to exploit.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-37421
reference_id
reference_type
scores
0
value 0.00322
scoring_system epss
scoring_elements 0.55551
published_at 2026-06-05T12:55:00Z
1
value 0.00322
scoring_system epss
scoring_elements 0.55495
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-37421
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-37421
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-37421
4
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/
url https://www.silverstripe.org/blog/tag/release
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2022-37421
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2022-37421
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2022-37421
reference_id CVE-2022-37421
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/
url https://www.silverstripe.org/download/security-releases/CVE-2022-37421
9
reference_url https://github.com/advisories/GHSA-pp74-g2q5-j4jf
reference_id GHSA-pp74-g2q5-j4jf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pp74-g2q5-j4jf
fixed_packages
0
url pkg:composer/silverstripe/framework@4.11.3
purl pkg:composer/silverstripe/framework@4.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-2hk2-hzyh-wbhf
2
vulnerability VCID-5cfa-whq6-9ucp
3
vulnerability VCID-79qx-v5uu-jyf2
4
vulnerability VCID-7gak-15m5-j3f5
5
vulnerability VCID-7w7t-3783-1kbs
6
vulnerability VCID-86vg-4j71-hkgr
7
vulnerability VCID-8u5c-6vx3-mfcr
8
vulnerability VCID-9t4k-8hsz-bfdw
9
vulnerability VCID-9y5u-qyzd-3ud9
10
vulnerability VCID-a7cf-kpzy-xudd
11
vulnerability VCID-ca4q-xd4v-vqfe
12
vulnerability VCID-gnpw-s9hp-wqfs
13
vulnerability VCID-k46z-g6jp-57ek
14
vulnerability VCID-ky21-z2d2-sye6
15
vulnerability VCID-xm4q-u96p-57dd
16
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.3
aliases CVE-2022-37421, GHSA-pp74-g2q5-j4jf, GMS-2022-6855
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uy47-3s8a-hbdn
22
url VCID-wgdv-etcq-3qhw
vulnerability_id VCID-wgdv-etcq-3qhw
summary 
Improper Input Validation
In SilverStripe, a FormField with square brackets in the field name skips validation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26138
reference_id
reference_type
scores
0
value 0.00292
scoring_system epss
scoring_elements 0.52854
published_at 2026-06-04T12:55:00Z
1
value 0.00292
scoring_system epss
scoring_elements 0.52915
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26138
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml
3
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
url https://www.silverstripe.org/blog/tag/release
4
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26138
reference_id CVE-2020-26138
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26138
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-26138
reference_id CVE-2020-26138
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2020-26138
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-26138/
reference_id CVE-2020-26138
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2020-26138/
8
reference_url https://github.com/advisories/GHSA-7mv4-4xpg-xq44
reference_id GHSA-7mv4-4xpg-xq44
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7mv4-4xpg-xq44
fixed_packages
0
url pkg:composer/silverstripe/framework@4.6.0
purl pkg:composer/silverstripe/framework@4.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-79qx-v5uu-jyf2
6
vulnerability VCID-7gak-15m5-j3f5
7
vulnerability VCID-7w7t-3783-1kbs
8
vulnerability VCID-86vg-4j71-hkgr
9
vulnerability VCID-8u5c-6vx3-mfcr
10
vulnerability VCID-9t4k-8hsz-bfdw
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-fmfu-81xu-pfdy
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-k46z-g6jp-57ek
18
vulnerability VCID-ky21-z2d2-sye6
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-uy47-3s8a-hbdn
21
vulnerability VCID-xm4q-u96p-57dd
22
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0
1
url pkg:composer/silverstripe/framework@4.7.4
purl pkg:composer/silverstripe/framework@4.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-79qx-v5uu-jyf2
6
vulnerability VCID-7gak-15m5-j3f5
7
vulnerability VCID-7w7t-3783-1kbs
8
vulnerability VCID-86vg-4j71-hkgr
9
vulnerability VCID-8u5c-6vx3-mfcr
10
vulnerability VCID-9t4k-8hsz-bfdw
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-fmfu-81xu-pfdy
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-k46z-g6jp-57ek
18
vulnerability VCID-ky21-z2d2-sye6
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-uy47-3s8a-hbdn
21
vulnerability VCID-xm4q-u96p-57dd
22
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4
aliases CVE-2020-26138, GHSA-7mv4-4xpg-xq44
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wgdv-etcq-3qhw
23
url VCID-xg74-3h1h-kqaf
vulnerability_id VCID-xg74-3h1h-kqaf
summary 
Uncontrolled Resource Consumption
SilverStripe allows a Denial of Service on flush and development URL tools.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12246
reference_id
reference_type
scores
0
value 0.00156
scoring_system epss
scoring_elements 0.36088
published_at 2026-06-05T12:55:00Z
1
value 0.00156
scoring_system epss
scoring_elements 0.35994
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12246
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml
3
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab
5
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12246
reference_id CVE-2019-12246
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12246
8
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12246
reference_id CVE-2019-12246
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12246
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-79qx-v5uu-jyf2
6
vulnerability VCID-7gak-15m5-j3f5
7
vulnerability VCID-7w7t-3783-1kbs
8
vulnerability VCID-86vg-4j71-hkgr
9
vulnerability VCID-8u5c-6vx3-mfcr
10
vulnerability VCID-9t4k-8hsz-bfdw
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-fmfu-81xu-pfdy
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-k46z-g6jp-57ek
18
vulnerability VCID-ky21-z2d2-sye6
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-nzcm-xbxx-wyf9
21
vulnerability VCID-pkve-yjqy-syc2
22
vulnerability VCID-qmfy-dxag-uuex
23
vulnerability VCID-ru3j-21j8-ayhm
24
vulnerability VCID-tv7h-289s-xub4
25
vulnerability VCID-uy47-3s8a-hbdn
26
vulnerability VCID-wgdv-etcq-3qhw
27
vulnerability VCID-xm4q-u96p-57dd
28
vulnerability VCID-ytbc-8mhd-b3fc
29
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.4.0
purl pkg:composer/silverstripe/framework@4.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-5dt7-nc8t-nqgh
6
vulnerability VCID-79qx-v5uu-jyf2
7
vulnerability VCID-7gak-15m5-j3f5
8
vulnerability VCID-7w7t-3783-1kbs
9
vulnerability VCID-86vg-4j71-hkgr
10
vulnerability VCID-8u5c-6vx3-mfcr
11
vulnerability VCID-9t4k-8hsz-bfdw
12
vulnerability VCID-9y5u-qyzd-3ud9
13
vulnerability VCID-a7cf-kpzy-xudd
14
vulnerability VCID-b6nm-cphj-wfgw
15
vulnerability VCID-ca4q-xd4v-vqfe
16
vulnerability VCID-cmwn-cjff-9qau
17
vulnerability VCID-fmfu-81xu-pfdy
18
vulnerability VCID-gnpw-s9hp-wqfs
19
vulnerability VCID-hcuz-gz3w-97ew
20
vulnerability VCID-k46z-g6jp-57ek
21
vulnerability VCID-ky21-z2d2-sye6
22
vulnerability VCID-mkex-ht2r-cucz
23
vulnerability VCID-n4fk-735u-2baw
24
vulnerability VCID-nzcm-xbxx-wyf9
25
vulnerability VCID-pkve-yjqy-syc2
26
vulnerability VCID-qmfy-dxag-uuex
27
vulnerability VCID-ru3j-21j8-ayhm
28
vulnerability VCID-tv7h-289s-xub4
29
vulnerability VCID-uy47-3s8a-hbdn
30
vulnerability VCID-wgdv-etcq-3qhw
31
vulnerability VCID-xm4q-u96p-57dd
32
vulnerability VCID-y8et-m846-2fc6
33
vulnerability VCID-ytbc-8mhd-b3fc
34
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0
aliases CVE-2019-12246, GHSA-5fr8-xhqq-4p3q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xg74-3h1h-kqaf
24
url VCID-y8et-m846-2fc6
vulnerability_id VCID-y8et-m846-2fc6
summary 
Information Exposure
SilverStripe has incorrect access control for protected files uploaded via `Upload::loadIntoFile()`. An attacker may be able to guess a filename in `silverstripe/assets` via the `AssetControlExtension`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12245
reference_id
reference_type
scores
0
value 0.00255
scoring_system epss
scoring_elements 0.49005
published_at 2026-06-04T12:55:00Z
1
value 0.00255
scoring_system epss
scoring_elements 0.49066
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12245
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
3
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
4
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12245
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12245
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12245
reference_id CVE-2019-12245
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12245
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12245/
reference_id CVE-2019-12245
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-12245/
7
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12245
reference_id CVE-2019-12245
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12245
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml
reference_id CVE-2019-12245.YAML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml
9
reference_url https://github.com/advisories/GHSA-jvx5-rm6q-gx7p
reference_id GHSA-jvx5-rm6q-gx7p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jvx5-rm6q-gx7p
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-79qx-v5uu-jyf2
6
vulnerability VCID-7gak-15m5-j3f5
7
vulnerability VCID-7w7t-3783-1kbs
8
vulnerability VCID-86vg-4j71-hkgr
9
vulnerability VCID-8u5c-6vx3-mfcr
10
vulnerability VCID-9t4k-8hsz-bfdw
11
vulnerability VCID-9y5u-qyzd-3ud9
12
vulnerability VCID-a7cf-kpzy-xudd
13
vulnerability VCID-ca4q-xd4v-vqfe
14
vulnerability VCID-fmfu-81xu-pfdy
15
vulnerability VCID-gnpw-s9hp-wqfs
16
vulnerability VCID-hcuz-gz3w-97ew
17
vulnerability VCID-k46z-g6jp-57ek
18
vulnerability VCID-ky21-z2d2-sye6
19
vulnerability VCID-n4fk-735u-2baw
20
vulnerability VCID-nzcm-xbxx-wyf9
21
vulnerability VCID-pkve-yjqy-syc2
22
vulnerability VCID-qmfy-dxag-uuex
23
vulnerability VCID-ru3j-21j8-ayhm
24
vulnerability VCID-tv7h-289s-xub4
25
vulnerability VCID-uy47-3s8a-hbdn
26
vulnerability VCID-wgdv-etcq-3qhw
27
vulnerability VCID-xm4q-u96p-57dd
28
vulnerability VCID-ytbc-8mhd-b3fc
29
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.3.6
purl pkg:composer/silverstripe/framework@4.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6
2
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-1p79-328x-sueq
2
vulnerability VCID-24a5-ruc4-bycq
3
vulnerability VCID-2hk2-hzyh-wbhf
4
vulnerability VCID-5cfa-whq6-9ucp
5
vulnerability VCID-5dt7-nc8t-nqgh
6
vulnerability VCID-79qx-v5uu-jyf2
7
vulnerability VCID-7gak-15m5-j3f5
8
vulnerability VCID-7w7t-3783-1kbs
9
vulnerability VCID-86vg-4j71-hkgr
10
vulnerability VCID-8u5c-6vx3-mfcr
11
vulnerability VCID-9t4k-8hsz-bfdw
12
vulnerability VCID-9y5u-qyzd-3ud9
13
vulnerability VCID-a7cf-kpzy-xudd
14
vulnerability VCID-ca4q-xd4v-vqfe
15
vulnerability VCID-fmfu-81xu-pfdy
16
vulnerability VCID-gnpw-s9hp-wqfs
17
vulnerability VCID-hcuz-gz3w-97ew
18
vulnerability VCID-k46z-g6jp-57ek
19
vulnerability VCID-ky21-z2d2-sye6
20
vulnerability VCID-n4fk-735u-2baw
21
vulnerability VCID-pkve-yjqy-syc2
22
vulnerability VCID-qmfy-dxag-uuex
23
vulnerability VCID-ru3j-21j8-ayhm
24
vulnerability VCID-tv7h-289s-xub4
25
vulnerability VCID-uy47-3s8a-hbdn
26
vulnerability VCID-wgdv-etcq-3qhw
27
vulnerability VCID-xm4q-u96p-57dd
28
vulnerability VCID-ytbc-8mhd-b3fc
29
vulnerability VCID-zdge-zsmz-8ud9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12245, GHSA-jvx5-rm6q-gx7p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8et-m846-2fc6
25
url VCID-zdge-zsmz-8ud9
vulnerability_id VCID-zdge-zsmz-8ud9
summary 
Missing Authorization
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22728
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.1724
published_at 2026-06-04T12:55:00Z
1
value 0.00054
scoring_system epss
scoring_elements 0.17318
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22728
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/
url https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58
4
reference_url https://www.silverstripe.org/download/security-releases/cve-2023-22728
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2023-22728
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22728
reference_id CVE-2023-22728
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22728
6
reference_url https://github.com/advisories/GHSA-jh3w-6jp2-vqqm
reference_id GHSA-jh3w-6jp2-vqqm
reference_type
scores
url https://github.com/advisories/GHSA-jh3w-6jp2-vqqm
7
reference_url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm
reference_id GHSA-jh3w-6jp2-vqqm
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/
url https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm
fixed_packages
0
url pkg:composer/silverstripe/framework@4.12.5
purl pkg:composer/silverstripe/framework@4.12.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sx-j3x7-gkcr
1
vulnerability VCID-2hk2-hzyh-wbhf
2
vulnerability VCID-5cfa-whq6-9ucp
3
vulnerability VCID-79qx-v5uu-jyf2
4
vulnerability VCID-86vg-4j71-hkgr
5
vulnerability VCID-8u5c-6vx3-mfcr
6
vulnerability VCID-9y5u-qyzd-3ud9
7
vulnerability VCID-gnpw-s9hp-wqfs
8
vulnerability VCID-k46z-g6jp-57ek
9
vulnerability VCID-ky21-z2d2-sye6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5
aliases CVE-2023-22728, GHSA-jh3w-6jp2-vqqm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zdge-zsmz-8ud9
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha3