Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/silverstripe/framework@3.0.14
Typecomposer
Namespacesilverstripe
Nameframework
Version3.0.14
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.7.5
Latest_non_vulnerable_version5.3.23
Affected_by_vulnerabilities
0
url VCID-1mmc-91gk-r3d3
vulnerability_id VCID-1mmc-91gk-r3d3
summary SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-5715
reference_id
reference_type
scores
0
value 0.00322
scoring_system epss
scoring_elements 0.55549
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-5715
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/issues/8814
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/issues/8814
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-5715
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-5715
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/ss-2018-021
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2018-021
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.7
purl pkg:composer/silverstripe/framework@3.6.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-umhc-fdfh-1fdx
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7
1
url pkg:composer/silverstripe/framework@3.7.3
purl pkg:composer/silverstripe/framework@3.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-umhc-fdfh-1fdx
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3
2
url pkg:composer/silverstripe/framework@4.0.7
purl pkg:composer/silverstripe/framework@4.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b6nm-cphj-wfgw
1
vulnerability VCID-cmwn-cjff-9qau
2
vulnerability VCID-nute-ndg2-z7ev
3
vulnerability VCID-nzcm-xbxx-wyf9
4
vulnerability VCID-r1eg-dwej-5kau
5
vulnerability VCID-ru3j-21j8-ayhm
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
8
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7
3
url pkg:composer/silverstripe/framework@4.1.5
purl pkg:composer/silverstripe/framework@4.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b6nm-cphj-wfgw
1
vulnerability VCID-cmwn-cjff-9qau
2
vulnerability VCID-nute-ndg2-z7ev
3
vulnerability VCID-nzcm-xbxx-wyf9
4
vulnerability VCID-r1eg-dwej-5kau
5
vulnerability VCID-ru3j-21j8-ayhm
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
8
vulnerability VCID-ytbc-8mhd-b3fc
9
vulnerability VCID-z94y-nz4f-y7er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5
4
url pkg:composer/silverstripe/framework@4.2.4
purl pkg:composer/silverstripe/framework@4.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b6nm-cphj-wfgw
1
vulnerability VCID-cmwn-cjff-9qau
2
vulnerability VCID-nute-ndg2-z7ev
3
vulnerability VCID-nzcm-xbxx-wyf9
4
vulnerability VCID-r1eg-dwej-5kau
5
vulnerability VCID-ru3j-21j8-ayhm
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
8
vulnerability VCID-ytbc-8mhd-b3fc
9
vulnerability VCID-z94y-nz4f-y7er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4
5
url pkg:composer/silverstripe/framework@4.3.1
purl pkg:composer/silverstripe/framework@4.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b6nm-cphj-wfgw
1
vulnerability VCID-cmwn-cjff-9qau
2
vulnerability VCID-nute-ndg2-z7ev
3
vulnerability VCID-nzcm-xbxx-wyf9
4
vulnerability VCID-r1eg-dwej-5kau
5
vulnerability VCID-ru3j-21j8-ayhm
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
8
vulnerability VCID-ytbc-8mhd-b3fc
9
vulnerability VCID-z94y-nz4f-y7er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1
aliases CVE-2019-5715, GHSA-wvfw-w3x6-g526
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1mmc-91gk-r3d3
1
url VCID-1uhv-fetz-j7fd
vulnerability_id VCID-1uhv-fetz-j7fd
summary 
XSS in CMSController BackURL
A XSS risk exists in the returnURL parameter passed to CMSSecurity/success. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893
1
reference_url http://www.silverstripe.org/download/security-releases/ss-2016-001
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2016-001
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-7jm4-cjg3-rkcz
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-czh2-w6fk-xqd6
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n1mj-u4yk-jqhn
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-r1eg-dwej-5kau
21
vulnerability VCID-t81f-5b8z-hyht
22
vulnerability VCID-umhc-fdfh-1fdx
23
vulnerability VCID-vatg-guxu-2ud7
24
vulnerability VCID-xg74-3h1h-kqaf
25
vulnerability VCID-y6gd-vy49-17b4
26
vulnerability VCID-y8et-m846-2fc6
27
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-4h4a-xgrk-d7ec
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-7jm4-cjg3-rkcz
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-czh2-w6fk-xqd6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hnme-cqff-c7dp
17
vulnerability VCID-mkex-ht2r-cucz
18
vulnerability VCID-n1mj-u4yk-jqhn
19
vulnerability VCID-nute-ndg2-z7ev
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-r1eg-dwej-5kau
22
vulnerability VCID-t81f-5b8z-hyht
23
vulnerability VCID-umhc-fdfh-1fdx
24
vulnerability VCID-vatg-guxu-2ud7
25
vulnerability VCID-xg74-3h1h-kqaf
26
vulnerability VCID-y6gd-vy49-17b4
27
vulnerability VCID-y8et-m846-2fc6
28
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-at1s-qxsg-5yfs
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-czh2-w6fk-xqd6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-gkkp-9fm7-jfaz
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n1mj-u4yk-jqhn
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-qdwg-f2bx-1bay
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-t81f-5b8z-hyht
24
vulnerability VCID-umhc-fdfh-1fdx
25
vulnerability VCID-vatg-guxu-2ud7
26
vulnerability VCID-xg74-3h1h-kqaf
27
vulnerability VCID-y6gd-vy49-17b4
28
vulnerability VCID-y8et-m846-2fc6
29
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-f4hv-79km-3ygt
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-qdwg-f2bx-1bay
19
vulnerability VCID-r1eg-dwej-5kau
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-xg74-3h1h-kqaf
23
vulnerability VCID-y8et-m846-2fc6
24
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2016-001
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1uhv-fetz-j7fd
2
url VCID-36z3-nafq-6kez
vulnerability_id VCID-36z3-nafq-6kez
summary 
XSS In CMSSecurity BackURL
In follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-001/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-001/
1
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-016/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-016/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.21
purl pkg:composer/silverstripe/framework@3.1.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-c6bz-jwhm-vkgp
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-mkex-ht2r-cucz
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-qdwg-f2bx-1bay
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-t81f-5b8z-hyht
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-xg74-3h1h-kqaf
14
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21
1
url pkg:composer/silverstripe/framework@3.2.6
purl pkg:composer/silverstripe/framework@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-c6bz-jwhm-vkgp
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-mkex-ht2r-cucz
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-qdwg-f2bx-1bay
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-t81f-5b8z-hyht
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-xg74-3h1h-kqaf
14
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6
2
url pkg:composer/silverstripe/framework@3.3.4
purl pkg:composer/silverstripe/framework@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-c6bz-jwhm-vkgp
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-mkex-ht2r-cucz
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-qdwg-f2bx-1bay
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-t81f-5b8z-hyht
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-xg74-3h1h-kqaf
14
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4
3
url pkg:composer/silverstripe/framework@3.4.2
purl pkg:composer/silverstripe/framework@3.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-c6bz-jwhm-vkgp
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-mkex-ht2r-cucz
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-qdwg-f2bx-1bay
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-t81f-5b8z-hyht
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-xg74-3h1h-kqaf
14
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2
aliases SS-2016-016
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-36z3-nafq-6kez
3
url VCID-3x46-q9cb-7ubg
vulnerability_id VCID-3x46-q9cb-7ubg
summary 
Information Exposure
Response discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12849
reference_id
reference_type
scores
0
value 0.00392
scoring_system epss
scoring_elements 0.60505
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12849
1
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-005
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12849
reference_id CVE-2017-12849
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12849
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.5-beta1
purl pkg:composer/silverstripe/framework@3.5.5-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-qdwg-f2bx-1bay
7
vulnerability VCID-r1eg-dwej-5kau
8
vulnerability VCID-umhc-fdfh-1fdx
9
vulnerability VCID-xg74-3h1h-kqaf
10
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1
1
url pkg:composer/silverstripe/framework@3.5.5
purl pkg:composer/silverstripe/framework@3.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-qdwg-f2bx-1bay
7
vulnerability VCID-r1eg-dwej-5kau
8
vulnerability VCID-umhc-fdfh-1fdx
9
vulnerability VCID-xg74-3h1h-kqaf
10
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5
2
url pkg:composer/silverstripe/framework@3.6.1-alpha2
purl pkg:composer/silverstripe/framework@3.6.1-alpha2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-qdwg-f2bx-1bay
7
vulnerability VCID-r1eg-dwej-5kau
8
vulnerability VCID-umhc-fdfh-1fdx
9
vulnerability VCID-xg74-3h1h-kqaf
10
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2
3
url pkg:composer/silverstripe/framework@3.6.1
purl pkg:composer/silverstripe/framework@3.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-qdwg-f2bx-1bay
7
vulnerability VCID-r1eg-dwej-5kau
8
vulnerability VCID-umhc-fdfh-1fdx
9
vulnerability VCID-xg74-3h1h-kqaf
10
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1
aliases CVE-2017-12849, GHSA-fwhr-g5r4-xgxf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3x46-q9cb-7ubg
4
url VCID-4n9x-x4kd-jyfu
vulnerability_id VCID-4n9x-x4kd-jyfu
summary 
XSS vulnerability in form field validation
A high level XSS risk has been identified in the encoding of validation messages in certain FormField classes. Certain fields such as the `NumericField` and `DropdownField` have been identified, but any form field which presents any invalid content as a part of its validation response will be at risk.
references
0
reference_url http://www.silverstripe.org/download/security-releases/ss-2015-026/
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2015-026/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.16
purl pkg:composer/silverstripe/framework@3.1.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-evh4-xq48-4fa6
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-ggbg-8mtc-hudc
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hnhv-qx7p-wqcw
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-m5rs-qptc-vued
19
vulnerability VCID-mkex-ht2r-cucz
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-q939-fszs-wfdp
22
vulnerability VCID-qdwg-f2bx-1bay
23
vulnerability VCID-r1eg-dwej-5kau
24
vulnerability VCID-rrmd-ud59-ffbp
25
vulnerability VCID-t81f-5b8z-hyht
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-vatm-1vbd-bfam
28
vulnerability VCID-xg74-3h1h-kqaf
29
vulnerability VCID-y8et-m846-2fc6
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.16
1
url pkg:composer/silverstripe/framework@3.2.0-beta1
purl pkg:composer/silverstripe/framework@3.2.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-evh4-xq48-4fa6
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-ggbg-8mtc-hudc
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-h4k6-fruf-uqff
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-m5rs-qptc-vued
19
vulnerability VCID-mkex-ht2r-cucz
20
vulnerability VCID-nu3h-nb1g-67bs
21
vulnerability VCID-nute-ndg2-z7ev
22
vulnerability VCID-q939-fszs-wfdp
23
vulnerability VCID-qdwg-f2bx-1bay
24
vulnerability VCID-r1eg-dwej-5kau
25
vulnerability VCID-t81f-5b8z-hyht
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-xg74-3h1h-kqaf
28
vulnerability VCID-y8et-m846-2fc6
29
vulnerability VCID-yfuu-th6b-nba4
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1
2
url pkg:composer/silverstripe/framework@3.2.1
purl pkg:composer/silverstripe/framework@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-evh4-xq48-4fa6
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-ggbg-8mtc-hudc
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hnhv-qx7p-wqcw
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-m5rs-qptc-vued
19
vulnerability VCID-mkex-ht2r-cucz
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-q939-fszs-wfdp
22
vulnerability VCID-qdwg-f2bx-1bay
23
vulnerability VCID-r1eg-dwej-5kau
24
vulnerability VCID-rrmd-ud59-ffbp
25
vulnerability VCID-t81f-5b8z-hyht
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-vatm-1vbd-bfam
28
vulnerability VCID-xg74-3h1h-kqaf
29
vulnerability VCID-y8et-m846-2fc6
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1
3
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-026
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4n9x-x4kd-jyfu
5
url VCID-7ek4-6y31-1qcs
vulnerability_id VCID-7ek4-6y31-1qcs
summary 
Pre-existing alc_enc cookies log users in if remember me is disabled
If remember me is on and users log in with the box checked, if the developer then disabled "remember me" function, any pre-existing cookies will continue to authenticate users.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-014/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-014/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-014
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ek4-6y31-1qcs
6
url VCID-7hxq-cp29-r7dh
vulnerability_id VCID-7hxq-cp29-r7dh
summary 
Cross-site Scripting
In SilverStripe asset-admin, there is XSS in file titles managed through the CMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14272
reference_id
reference_type
scores
0
value 0.00347
scoring_system epss
scoring_elements 0.57535
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14272
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml
3
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
4
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14272
reference_id CVE-2019-14272
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14272
7
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-14272
reference_id CVE-2019-14272
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-14272
fixed_packages
0
url pkg:composer/silverstripe/framework@4.0.1-rc1
purl pkg:composer/silverstripe/framework@4.0.1-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-nute-ndg2-z7ev
4
vulnerability VCID-nzcm-xbxx-wyf9
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-ru3j-21j8-ayhm
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
9
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1
1
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-nute-ndg2-z7ev
4
vulnerability VCID-nzcm-xbxx-wyf9
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-ru3j-21j8-ayhm
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
9
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
2
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ru3j-21j8-ayhm
1
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
3
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dt7-nc8t-nqgh
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-14272, GHSA-jgw2-f5mx-rg7h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7hxq-cp29-r7dh
7
url VCID-at1s-qxsg-5yfs
vulnerability_id VCID-at1s-qxsg-5yfs
summary 
XSS In OptionsetField and CheckboxSetField
List of key / value pairs assigned to `OptionsetField` or `CheckboxSetField` do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-015/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-015/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-015
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-at1s-qxsg-5yfs
8
url VCID-b6nm-cphj-wfgw
vulnerability_id VCID-b6nm-cphj-wfgw
summary 
Improper Privilege Management
In SilverStripe, there is access escalation for CMS users with limited access through permission cache pollution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12617
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.53948
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12617
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml
3
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12617
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12617
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12617
reference_id CVE-2019-12617
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12617
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12617
reference_id CVE-2019-12617
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12617
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nzcm-xbxx-wyf9
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ru3j-21j8-ayhm
1
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
2
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dt7-nc8t-nqgh
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12617, GHSA-6r58-4xgr-gm6m
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b6nm-cphj-wfgw
9
url VCID-b7xq-cz8w-ubgm
vulnerability_id VCID-b7xq-cz8w-ubgm
summary 
Privilege Escalation
A member with the permission EDIT_PERMISSIONS is able to re-assign themselves (or another member) to ADMIN level.
references
0
reference_url http://www.silverstripe.org/software/download/security-releases/ss-2015-020/
reference_id
reference_type
scores
url http://www.silverstripe.org/software/download/security-releases/ss-2015-020/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.14
purl pkg:composer/silverstripe/framework@3.1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4n9x-x4kd-jyfu
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-evh4-xq48-4fa6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-ggbg-8mtc-hudc
16
vulnerability VCID-gkkp-9fm7-jfaz
17
vulnerability VCID-h4k6-fruf-uqff
18
vulnerability VCID-hnhv-qx7p-wqcw
19
vulnerability VCID-hnme-cqff-c7dp
20
vulnerability VCID-m5rs-qptc-vued
21
vulnerability VCID-mkex-ht2r-cucz
22
vulnerability VCID-nu3h-nb1g-67bs
23
vulnerability VCID-nute-ndg2-z7ev
24
vulnerability VCID-q939-fszs-wfdp
25
vulnerability VCID-qdwg-f2bx-1bay
26
vulnerability VCID-r1eg-dwej-5kau
27
vulnerability VCID-rrmd-ud59-ffbp
28
vulnerability VCID-t81f-5b8z-hyht
29
vulnerability VCID-umhc-fdfh-1fdx
30
vulnerability VCID-vatm-1vbd-bfam
31
vulnerability VCID-xg74-3h1h-kqaf
32
vulnerability VCID-y8et-m846-2fc6
33
vulnerability VCID-yfuu-th6b-nba4
34
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14
aliases SS-2015-020
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7xq-cz8w-ubgm
10
url VCID-b95v-49p7-fkas
vulnerability_id VCID-b95v-49p7-fkas
summary 
Cross-site Scripting
SilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname.
references
0
reference_url http://lists.openwall.net/full-disclosure/2017/09/14/2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openwall.net/full-disclosure/2017/09/14/2
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14498
reference_id
reference_type
scores
0
value 0.00375
scoring_system epss
scoring_elements 0.59447
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14498
2
reference_url https://docs.silverstripe.org/en/3/changelogs/3.6.1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.silverstripe.org/en/3/changelogs/3.6.1
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a
4
reference_url https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-14498
reference_id CVE-2017-14498
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-14498
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.1-alpha2
purl pkg:composer/silverstripe/framework@3.6.1-alpha2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-qdwg-f2bx-1bay
7
vulnerability VCID-r1eg-dwej-5kau
8
vulnerability VCID-umhc-fdfh-1fdx
9
vulnerability VCID-xg74-3h1h-kqaf
10
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2
1
url pkg:composer/silverstripe/framework@3.6.1
purl pkg:composer/silverstripe/framework@3.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-qdwg-f2bx-1bay
7
vulnerability VCID-r1eg-dwej-5kau
8
vulnerability VCID-umhc-fdfh-1fdx
9
vulnerability VCID-xg74-3h1h-kqaf
10
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1
aliases CVE-2017-14498, GHSA-j696-6m57-mcrv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b95v-49p7-fkas
11
url VCID-c437-w2zy-y7c9
vulnerability_id VCID-c437-w2zy-y7c9
summary 
ChangePasswordForm doesn't check Member::canLogIn()
After performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-011/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-011/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
1
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
2
url pkg:composer/silverstripe/framework@3.4.10-stable
purl pkg:composer/silverstripe/framework@3.4.10-stable
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.10-stable
3
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-011
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c437-w2zy-y7c9
12
url VCID-c6bz-jwhm-vkgp
vulnerability_id VCID-c6bz-jwhm-vkgp
summary 
Cross-site Scripting
There is an XSS in SilverStripe CMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-5197
reference_id
reference_type
scores
0
value 0.00265
scoring_system epss
scoring_elements 0.5014
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-5197
1
reference_url https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572
2
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
3
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
4
reference_url http://www.securityfocus.com/bid/96572
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96572
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5197
reference_id CVE-2017-5197
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-5197
6
reference_url https://github.com/advisories/GHSA-xmjh-wjc5-wg4h
reference_id GHSA-xmjh-wjc5-wg4h
reference_type
scores
url https://github.com/advisories/GHSA-xmjh-wjc5-wg4h
fixed_packages
0
url pkg:composer/silverstripe/framework@3.4.4-rc1
purl pkg:composer/silverstripe/framework@3.4.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-qdwg-f2bx-1bay
9
vulnerability VCID-r1eg-dwej-5kau
10
vulnerability VCID-umhc-fdfh-1fdx
11
vulnerability VCID-xg74-3h1h-kqaf
12
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1
1
url pkg:composer/silverstripe/framework@3.4.4
purl pkg:composer/silverstripe/framework@3.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-qdwg-f2bx-1bay
9
vulnerability VCID-r1eg-dwej-5kau
10
vulnerability VCID-umhc-fdfh-1fdx
11
vulnerability VCID-xg74-3h1h-kqaf
12
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4
2
url pkg:composer/silverstripe/framework@3.5.2-rc1
purl pkg:composer/silverstripe/framework@3.5.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-qdwg-f2bx-1bay
9
vulnerability VCID-r1eg-dwej-5kau
10
vulnerability VCID-umhc-fdfh-1fdx
11
vulnerability VCID-xg74-3h1h-kqaf
12
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1
3
url pkg:composer/silverstripe/framework@3.5.2
purl pkg:composer/silverstripe/framework@3.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-qdwg-f2bx-1bay
9
vulnerability VCID-r1eg-dwej-5kau
10
vulnerability VCID-umhc-fdfh-1fdx
11
vulnerability VCID-xg74-3h1h-kqaf
12
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2
aliases CVE-2017-5197, GHSA-xmjh-wjc5-wg4h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c6bz-jwhm-vkgp
13
url VCID-cmwn-cjff-9qau
vulnerability_id VCID-cmwn-cjff-9qau
summary 
Session Fixation
SilverStripe allows session fixation in the "change password" form.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12203
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.17108
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12203
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml
3
reference_url https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12203
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12203
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12203
reference_id CVE-2019-12203
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12203
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12203
reference_id CVE-2019-12203
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12203
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.8
purl pkg:composer/silverstripe/framework@3.6.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-umhc-fdfh-1fdx
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8
1
url pkg:composer/silverstripe/framework@3.7.4
purl pkg:composer/silverstripe/framework@3.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-umhc-fdfh-1fdx
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4
2
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nzcm-xbxx-wyf9
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
3
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ru3j-21j8-ayhm
1
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
4
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dt7-nc8t-nqgh
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12203, GHSA-w7r7-r8r9-vrg2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmwn-cjff-9qau
14
url VCID-evh4-xq48-4fa6
vulnerability_id VCID-evh4-xq48-4fa6
summary 
Brute force bypass on default admin
Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2
1
reference_url http://www.silverstripe.org/download/security-releases/ss-2016-005
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2016-005
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-7jm4-cjg3-rkcz
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-czh2-w6fk-xqd6
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n1mj-u4yk-jqhn
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-r1eg-dwej-5kau
21
vulnerability VCID-t81f-5b8z-hyht
22
vulnerability VCID-umhc-fdfh-1fdx
23
vulnerability VCID-vatg-guxu-2ud7
24
vulnerability VCID-xg74-3h1h-kqaf
25
vulnerability VCID-y6gd-vy49-17b4
26
vulnerability VCID-y8et-m846-2fc6
27
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-4h4a-xgrk-d7ec
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-7jm4-cjg3-rkcz
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-czh2-w6fk-xqd6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hnme-cqff-c7dp
17
vulnerability VCID-mkex-ht2r-cucz
18
vulnerability VCID-n1mj-u4yk-jqhn
19
vulnerability VCID-nute-ndg2-z7ev
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-r1eg-dwej-5kau
22
vulnerability VCID-t81f-5b8z-hyht
23
vulnerability VCID-umhc-fdfh-1fdx
24
vulnerability VCID-vatg-guxu-2ud7
25
vulnerability VCID-xg74-3h1h-kqaf
26
vulnerability VCID-y6gd-vy49-17b4
27
vulnerability VCID-y8et-m846-2fc6
28
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-at1s-qxsg-5yfs
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-czh2-w6fk-xqd6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-gkkp-9fm7-jfaz
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n1mj-u4yk-jqhn
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-qdwg-f2bx-1bay
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-t81f-5b8z-hyht
24
vulnerability VCID-umhc-fdfh-1fdx
25
vulnerability VCID-vatg-guxu-2ud7
26
vulnerability VCID-xg74-3h1h-kqaf
27
vulnerability VCID-y6gd-vy49-17b4
28
vulnerability VCID-y8et-m846-2fc6
29
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-f4hv-79km-3ygt
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-qdwg-f2bx-1bay
19
vulnerability VCID-r1eg-dwej-5kau
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-xg74-3h1h-kqaf
23
vulnerability VCID-y8et-m846-2fc6
24
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2016-005
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-evh4-xq48-4fa6
15
url VCID-ewg1-jqza-eyez
vulnerability_id VCID-ewg1-jqza-eyez
summary 
Member.Name isn't escaped
The core template `framework/templates/Includes/GridField_print.ss` uses "Printed by $Member.Name". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because `Member->getName()` just returns the raw `FirstName + Surname` as a string, which is injected directly.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-013/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-013/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-013
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ewg1-jqza-eyez
16
url VCID-ggbg-8mtc-hudc
vulnerability_id VCID-ggbg-8mtc-hudc
summary 
XSS in CMS Edit Page
Due to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an attack.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770
1
reference_url http://www.silverstripe.org/download/security-releases/ss-2016-004
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2016-004
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-7jm4-cjg3-rkcz
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-czh2-w6fk-xqd6
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n1mj-u4yk-jqhn
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-r1eg-dwej-5kau
21
vulnerability VCID-t81f-5b8z-hyht
22
vulnerability VCID-umhc-fdfh-1fdx
23
vulnerability VCID-vatg-guxu-2ud7
24
vulnerability VCID-xg74-3h1h-kqaf
25
vulnerability VCID-y6gd-vy49-17b4
26
vulnerability VCID-y8et-m846-2fc6
27
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-4h4a-xgrk-d7ec
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-7jm4-cjg3-rkcz
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-czh2-w6fk-xqd6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hnme-cqff-c7dp
17
vulnerability VCID-mkex-ht2r-cucz
18
vulnerability VCID-n1mj-u4yk-jqhn
19
vulnerability VCID-nute-ndg2-z7ev
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-r1eg-dwej-5kau
22
vulnerability VCID-t81f-5b8z-hyht
23
vulnerability VCID-umhc-fdfh-1fdx
24
vulnerability VCID-vatg-guxu-2ud7
25
vulnerability VCID-xg74-3h1h-kqaf
26
vulnerability VCID-y6gd-vy49-17b4
27
vulnerability VCID-y8et-m846-2fc6
28
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-at1s-qxsg-5yfs
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-czh2-w6fk-xqd6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-gkkp-9fm7-jfaz
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n1mj-u4yk-jqhn
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-qdwg-f2bx-1bay
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-t81f-5b8z-hyht
24
vulnerability VCID-umhc-fdfh-1fdx
25
vulnerability VCID-vatg-guxu-2ud7
26
vulnerability VCID-xg74-3h1h-kqaf
27
vulnerability VCID-y6gd-vy49-17b4
28
vulnerability VCID-y8et-m846-2fc6
29
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-f4hv-79km-3ygt
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-qdwg-f2bx-1bay
19
vulnerability VCID-r1eg-dwej-5kau
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-xg74-3h1h-kqaf
23
vulnerability VCID-y8et-m846-2fc6
24
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2016-004
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ggbg-8mtc-hudc
17
url VCID-gkkp-9fm7-jfaz
vulnerability_id VCID-gkkp-9fm7-jfaz
summary 
Missing ACL on reports
The `SS_Report`, and the reports CMS section only checks `canView()` when listing the reports that can be viewed by the current user. It does not (and should) perform `canView` checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-012/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-012/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-012
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gkkp-9fm7-jfaz
18
url VCID-h4k6-fruf-uqff
vulnerability_id VCID-h4k6-fruf-uqff
summary 
Insufficient sanitization in "Add from URL"
"Add from URL" does not clearly sanitize URL server side in `HtmlEditorField_Toolbar`. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it's possible future changes would break this.
references
0
reference_url http://www.silverstripe.org/download/security-releases/ss-2015-027/
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2015-027/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.1
purl pkg:composer/silverstripe/framework@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-evh4-xq48-4fa6
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-ggbg-8mtc-hudc
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hnhv-qx7p-wqcw
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-m5rs-qptc-vued
19
vulnerability VCID-mkex-ht2r-cucz
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-q939-fszs-wfdp
22
vulnerability VCID-qdwg-f2bx-1bay
23
vulnerability VCID-r1eg-dwej-5kau
24
vulnerability VCID-rrmd-ud59-ffbp
25
vulnerability VCID-t81f-5b8z-hyht
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-vatm-1vbd-bfam
28
vulnerability VCID-xg74-3h1h-kqaf
29
vulnerability VCID-y8et-m846-2fc6
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1
1
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-027
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4k6-fruf-uqff
19
url VCID-hnme-cqff-c7dp
vulnerability_id VCID-hnme-cqff-c7dp
summary 
ReadOnly transformation for formfields exploitable
Form fields returning `isReadonly()` as true are vulnerable to reflected XSS injections. This includes `ReadonlyField`, `LookupField`, `HTMLReadonlyField`, as well as special purpose fields like `TimeField_Readonly`. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and does not overwrite data on form construction. Readonly and disabled form fields are already filtered out in `saveInto()`, so maliciously submitted data on these fields does not make it into the database unless you are accessing form values directly in your saving logic.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-010/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-010/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.21
purl pkg:composer/silverstripe/framework@3.1.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-c6bz-jwhm-vkgp
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-mkex-ht2r-cucz
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-qdwg-f2bx-1bay
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-t81f-5b8z-hyht
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-xg74-3h1h-kqaf
14
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21
1
url pkg:composer/silverstripe/framework@3.2.6
purl pkg:composer/silverstripe/framework@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-c6bz-jwhm-vkgp
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-mkex-ht2r-cucz
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-qdwg-f2bx-1bay
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-t81f-5b8z-hyht
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-xg74-3h1h-kqaf
14
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6
2
url pkg:composer/silverstripe/framework@3.3.4
purl pkg:composer/silverstripe/framework@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-c6bz-jwhm-vkgp
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-mkex-ht2r-cucz
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-qdwg-f2bx-1bay
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-t81f-5b8z-hyht
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-xg74-3h1h-kqaf
14
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4
3
url pkg:composer/silverstripe/framework@3.4.2
purl pkg:composer/silverstripe/framework@3.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-c6bz-jwhm-vkgp
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-mkex-ht2r-cucz
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-qdwg-f2bx-1bay
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-t81f-5b8z-hyht
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-xg74-3h1h-kqaf
14
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2
aliases SS-2016-010
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hnme-cqff-c7dp
20
url VCID-m5rs-qptc-vued
vulnerability_id VCID-m5rs-qptc-vued
summary 
Missing CSRF protection in login form
`LoginForm` calls `disableSecurityToken()`, which causes a "shared host domain" vulnerability.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989
1
reference_url http://stackoverflow.com/a/15350123
reference_id
reference_type
scores
url http://stackoverflow.com/a/15350123
2
reference_url http://www.silverstripe.org/download/security-releases/ss-2016-006
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2016-006
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-7jm4-cjg3-rkcz
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-czh2-w6fk-xqd6
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n1mj-u4yk-jqhn
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-r1eg-dwej-5kau
21
vulnerability VCID-t81f-5b8z-hyht
22
vulnerability VCID-umhc-fdfh-1fdx
23
vulnerability VCID-vatg-guxu-2ud7
24
vulnerability VCID-xg74-3h1h-kqaf
25
vulnerability VCID-y6gd-vy49-17b4
26
vulnerability VCID-y8et-m846-2fc6
27
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-4h4a-xgrk-d7ec
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-7jm4-cjg3-rkcz
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-czh2-w6fk-xqd6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hnme-cqff-c7dp
17
vulnerability VCID-mkex-ht2r-cucz
18
vulnerability VCID-n1mj-u4yk-jqhn
19
vulnerability VCID-nute-ndg2-z7ev
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-r1eg-dwej-5kau
22
vulnerability VCID-t81f-5b8z-hyht
23
vulnerability VCID-umhc-fdfh-1fdx
24
vulnerability VCID-vatg-guxu-2ud7
25
vulnerability VCID-xg74-3h1h-kqaf
26
vulnerability VCID-y6gd-vy49-17b4
27
vulnerability VCID-y8et-m846-2fc6
28
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-at1s-qxsg-5yfs
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-czh2-w6fk-xqd6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-gkkp-9fm7-jfaz
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n1mj-u4yk-jqhn
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-qdwg-f2bx-1bay
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-t81f-5b8z-hyht
24
vulnerability VCID-umhc-fdfh-1fdx
25
vulnerability VCID-vatg-guxu-2ud7
26
vulnerability VCID-xg74-3h1h-kqaf
27
vulnerability VCID-y6gd-vy49-17b4
28
vulnerability VCID-y8et-m846-2fc6
29
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-f4hv-79km-3ygt
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-qdwg-f2bx-1bay
19
vulnerability VCID-r1eg-dwej-5kau
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-xg74-3h1h-kqaf
23
vulnerability VCID-y8et-m846-2fc6
24
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2016-006
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5rs-qptc-vued
21
url VCID-mkex-ht2r-cucz
vulnerability_id VCID-mkex-ht2r-cucz
summary 
Files or Directories Accessible to External Parties
In SilverStripe, there is broken access control on files.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14273
reference_id
reference_type
scores
0
value 0.00336
scoring_system epss
scoring_elements 0.56702
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14273
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml
4
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14273
reference_id CVE-2019-14273
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14273
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-14273
reference_id CVE-2019-14273
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-14273
fixed_packages
0
url pkg:composer/silverstripe/framework@4.0.1-rc1
purl pkg:composer/silverstripe/framework@4.0.1-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-nute-ndg2-z7ev
4
vulnerability VCID-nzcm-xbxx-wyf9
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-ru3j-21j8-ayhm
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
9
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1
1
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-nute-ndg2-z7ev
4
vulnerability VCID-nzcm-xbxx-wyf9
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-ru3j-21j8-ayhm
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
9
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
2
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ru3j-21j8-ayhm
1
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
3
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dt7-nc8t-nqgh
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-14273, GHSA-43jj-2rwc-2m3f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkex-ht2r-cucz
22
url VCID-nu3h-nb1g-67bs
vulnerability_id VCID-nu3h-nb1g-67bs
summary 
Improper Input Validation
`HtmlEditor` improper URL sanitisation.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2015-027/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2015-027/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.1
purl pkg:composer/silverstripe/framework@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-evh4-xq48-4fa6
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-ggbg-8mtc-hudc
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hnhv-qx7p-wqcw
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-m5rs-qptc-vued
19
vulnerability VCID-mkex-ht2r-cucz
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-q939-fszs-wfdp
22
vulnerability VCID-qdwg-f2bx-1bay
23
vulnerability VCID-r1eg-dwej-5kau
24
vulnerability VCID-rrmd-ud59-ffbp
25
vulnerability VCID-t81f-5b8z-hyht
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-vatm-1vbd-bfam
28
vulnerability VCID-xg74-3h1h-kqaf
29
vulnerability VCID-y8et-m846-2fc6
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1
1
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-027-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nu3h-nb1g-67bs
23
url VCID-nute-ndg2-z7ev
vulnerability_id VCID-nute-ndg2-z7ev
summary 
Cross-site Scripting
SilverStripe has Flash Clipboard Reflected XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12205
reference_id
reference_type
scores
0
value 0.00378
scoring_system epss
scoring_elements 0.59631
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12205
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml
3
reference_url https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12205
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12205
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12205
reference_id CVE-2019-12205
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12205
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12205
reference_id CVE-2019-12205
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12205
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nzcm-xbxx-wyf9
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ru3j-21j8-ayhm
1
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
2
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dt7-nc8t-nqgh
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12205, GHSA-rfvw-5848-gxc5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nute-ndg2-z7ev
24
url VCID-q939-fszs-wfdp
vulnerability_id VCID-q939-fszs-wfdp
summary 
CSRF vulnerability in savetreenodes
`savetreenode` action does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a
1
reference_url http://www.silverstripe.org/download/security-releases/ss-2015-029
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2015-029
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-7jm4-cjg3-rkcz
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-czh2-w6fk-xqd6
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n1mj-u4yk-jqhn
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-r1eg-dwej-5kau
21
vulnerability VCID-t81f-5b8z-hyht
22
vulnerability VCID-umhc-fdfh-1fdx
23
vulnerability VCID-vatg-guxu-2ud7
24
vulnerability VCID-xg74-3h1h-kqaf
25
vulnerability VCID-y6gd-vy49-17b4
26
vulnerability VCID-y8et-m846-2fc6
27
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-4h4a-xgrk-d7ec
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-7jm4-cjg3-rkcz
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-czh2-w6fk-xqd6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hnme-cqff-c7dp
17
vulnerability VCID-mkex-ht2r-cucz
18
vulnerability VCID-n1mj-u4yk-jqhn
19
vulnerability VCID-nute-ndg2-z7ev
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-r1eg-dwej-5kau
22
vulnerability VCID-t81f-5b8z-hyht
23
vulnerability VCID-umhc-fdfh-1fdx
24
vulnerability VCID-vatg-guxu-2ud7
25
vulnerability VCID-xg74-3h1h-kqaf
26
vulnerability VCID-y6gd-vy49-17b4
27
vulnerability VCID-y8et-m846-2fc6
28
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-at1s-qxsg-5yfs
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-czh2-w6fk-xqd6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-gkkp-9fm7-jfaz
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n1mj-u4yk-jqhn
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-qdwg-f2bx-1bay
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-t81f-5b8z-hyht
24
vulnerability VCID-umhc-fdfh-1fdx
25
vulnerability VCID-vatg-guxu-2ud7
26
vulnerability VCID-xg74-3h1h-kqaf
27
vulnerability VCID-y6gd-vy49-17b4
28
vulnerability VCID-y8et-m846-2fc6
29
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-f4hv-79km-3ygt
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-qdwg-f2bx-1bay
19
vulnerability VCID-r1eg-dwej-5kau
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-xg74-3h1h-kqaf
23
vulnerability VCID-y8et-m846-2fc6
24
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2015-029
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q939-fszs-wfdp
25
url VCID-qdwg-f2bx-1bay
vulnerability_id VCID-qdwg-f2bx-1bay
summary 
Injection Vulnerability
In the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18049
reference_id
reference_type
scores
0
value 0.00212
scoring_system epss
scoring_elements 0.43711
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18049
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://www.exploit-db.com/exploits/43396
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/43396
3
reference_url https://www.exploit-db.com/exploits/43396/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/43396/
4
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-007
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-007
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-18049
reference_id CVE-2017-18049
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-18049
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.6-rc1
purl pkg:composer/silverstripe/framework@3.5.6-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-r1eg-dwej-5kau
7
vulnerability VCID-umhc-fdfh-1fdx
8
vulnerability VCID-xg74-3h1h-kqaf
9
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1
1
url pkg:composer/silverstripe/framework@3.5.6
purl pkg:composer/silverstripe/framework@3.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-r1eg-dwej-5kau
7
vulnerability VCID-umhc-fdfh-1fdx
8
vulnerability VCID-xg74-3h1h-kqaf
9
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6
2
url pkg:composer/silverstripe/framework@3.6.3-rc2
purl pkg:composer/silverstripe/framework@3.6.3-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-r1eg-dwej-5kau
7
vulnerability VCID-umhc-fdfh-1fdx
8
vulnerability VCID-xg74-3h1h-kqaf
9
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2
3
url pkg:composer/silverstripe/framework@3.6.3
purl pkg:composer/silverstripe/framework@3.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-r1eg-dwej-5kau
7
vulnerability VCID-umhc-fdfh-1fdx
8
vulnerability VCID-xg74-3h1h-kqaf
9
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3
4
url pkg:composer/silverstripe/framework@4.0.1-rc1
purl pkg:composer/silverstripe/framework@4.0.1-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-nute-ndg2-z7ev
4
vulnerability VCID-nzcm-xbxx-wyf9
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-ru3j-21j8-ayhm
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
9
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1
5
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-nute-ndg2-z7ev
4
vulnerability VCID-nzcm-xbxx-wyf9
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-ru3j-21j8-ayhm
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
9
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
aliases CVE-2017-18049, GHSA-2jvj-mhf2-g99w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdwg-f2bx-1bay
26
url VCID-r1eg-dwej-5kau
vulnerability_id VCID-r1eg-dwej-5kau
summary 
Cross-Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12437
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.41982
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12437
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml
3
reference_url https://github.com/silverstripe/silverstripe-graphql
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql
4
reference_url https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c
5
reference_url https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff
6
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
url https://www.silverstripe.org/blog/tag/release
7
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12437
reference_id CVE-2019-12437
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12437
9
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12437
reference_id CVE-2019-12437
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12437
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nzcm-xbxx-wyf9
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
aliases CVE-2019-12437, GHSA-fx37-56v6-85q6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1eg-dwej-5kau
27
url VCID-t81f-5b8z-hyht
vulnerability_id VCID-t81f-5b8z-hyht
summary 
XSS In page name
SilverStripe is vulnerable to XSS via the page name. For instance, page name `"><svg/onload=alert(/xss/)>` will trigger an XSS alert.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d
1
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-001/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2017-001/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.4.4-rc1
purl pkg:composer/silverstripe/framework@3.4.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-qdwg-f2bx-1bay
9
vulnerability VCID-r1eg-dwej-5kau
10
vulnerability VCID-umhc-fdfh-1fdx
11
vulnerability VCID-xg74-3h1h-kqaf
12
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1
1
url pkg:composer/silverstripe/framework@3.5.2-rc1
purl pkg:composer/silverstripe/framework@3.5.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-qdwg-f2bx-1bay
9
vulnerability VCID-r1eg-dwej-5kau
10
vulnerability VCID-umhc-fdfh-1fdx
11
vulnerability VCID-xg74-3h1h-kqaf
12
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1
aliases SS-2017-001
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t81f-5b8z-hyht
28
url VCID-umhc-fdfh-1fdx
vulnerability_id VCID-umhc-fdfh-1fdx
summary 
Cross-site Scripting
In SilverStripe, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9311
reference_id
reference_type
scores
0
value 0.00343
scoring_system epss
scoring_elements 0.57155
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9311
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml
2
reference_url https://github.com/silverstripe/silverstripe-cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-cms
3
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-9311
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2020-9311
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9311
reference_id CVE-2020-9311
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9311
5
reference_url https://www.silverstripe.org/download/security-releases/CVE-2020-9311
reference_id CVE-2020-9311
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2020-9311
fixed_packages
0
url pkg:composer/silverstripe/framework@3.7.5
purl pkg:composer/silverstripe/framework@3.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5
aliases CVE-2020-9311, GHSA-2pw2-qpcp-m47x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-umhc-fdfh-1fdx
29
url VCID-xg74-3h1h-kqaf
vulnerability_id VCID-xg74-3h1h-kqaf
summary 
Uncontrolled Resource Consumption
SilverStripe allows a Denial of Service on flush and development URL tools.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12246
reference_id
reference_type
scores
0
value 0.00156
scoring_system epss
scoring_elements 0.35994
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12246
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml
3
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab
5
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12246
reference_id CVE-2019-12246
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12246
8
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12246
reference_id CVE-2019-12246
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12246
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nzcm-xbxx-wyf9
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.4.0
purl pkg:composer/silverstripe/framework@4.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dt7-nc8t-nqgh
1
vulnerability VCID-nzcm-xbxx-wyf9
2
vulnerability VCID-ru3j-21j8-ayhm
3
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0
aliases CVE-2019-12246, GHSA-5fr8-xhqq-4p3q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xg74-3h1h-kqaf
30
url VCID-y8et-m846-2fc6
vulnerability_id VCID-y8et-m846-2fc6
summary 
Information Exposure
SilverStripe has incorrect access control for protected files uploaded via `Upload::loadIntoFile()`. An attacker may be able to guess a filename in `silverstripe/assets` via the `AssetControlExtension`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12245
reference_id
reference_type
scores
0
value 0.00255
scoring_system epss
scoring_elements 0.49005
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12245
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
3
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
4
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12245
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12245
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12245
reference_id CVE-2019-12245
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12245
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12245/
reference_id CVE-2019-12245
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-12245/
7
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12245
reference_id CVE-2019-12245
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12245
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml
reference_id CVE-2019-12245.YAML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml
9
reference_url https://github.com/advisories/GHSA-jvx5-rm6q-gx7p
reference_id GHSA-jvx5-rm6q-gx7p
reference_type
scores
url https://github.com/advisories/GHSA-jvx5-rm6q-gx7p
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.8
purl pkg:composer/silverstripe/framework@3.6.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-umhc-fdfh-1fdx
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8
1
url pkg:composer/silverstripe/framework@3.7.4
purl pkg:composer/silverstripe/framework@3.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-umhc-fdfh-1fdx
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4
2
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nzcm-xbxx-wyf9
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
3
url pkg:composer/silverstripe/framework@4.3.6
purl pkg:composer/silverstripe/framework@4.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6
4
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dt7-nc8t-nqgh
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12245, GHSA-jvx5-rm6q-gx7p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8et-m846-2fc6
31
url VCID-yfuu-th6b-nba4
vulnerability_id VCID-yfuu-th6b-nba4
summary 
Cross-site Scripting
Form field validation message XSS vulnerability.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2015-026/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2015-026/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.1
purl pkg:composer/silverstripe/framework@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-evh4-xq48-4fa6
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-ggbg-8mtc-hudc
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hnhv-qx7p-wqcw
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-m5rs-qptc-vued
19
vulnerability VCID-mkex-ht2r-cucz
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-q939-fszs-wfdp
22
vulnerability VCID-qdwg-f2bx-1bay
23
vulnerability VCID-r1eg-dwej-5kau
24
vulnerability VCID-rrmd-ud59-ffbp
25
vulnerability VCID-t81f-5b8z-hyht
26
vulnerability VCID-umhc-fdfh-1fdx
27
vulnerability VCID-vatm-1vbd-bfam
28
vulnerability VCID-xg74-3h1h-kqaf
29
vulnerability VCID-y8et-m846-2fc6
30
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1
1
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-026-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yfuu-th6b-nba4
32
url VCID-z28b-1yrx-1bbn
vulnerability_id VCID-z28b-1yrx-1bbn
summary 
Password encryption salt expiry
When a user changes their password, the internal salt used for hashing their password is not updated.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-008/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-008/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-008
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z28b-1yrx-1bbn
Fixing_vulnerabilities
0
url VCID-5ztp-wmty-aybx
vulnerability_id VCID-5ztp-wmty-aybx
summary 
Silverstripe External redirection risk in Security?ReturnURL
A vulnerability has been found in the SilverStripe framework where a login url can be potentially redirected to an external site.

For example, the url http://www.my-silverstripe-site.com/Security/login?BackURL=/\attacker-site.com will redirect successful logins to the page http://attacker-site.com. If that website were set up to look identical to the first with "login failed" then the user will likely just enter their user/pass again.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-012-1.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-012-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/22a35e48a9f513d4caa3b4e9b8dd21c49ffc8f2c
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/22a35e48a9f513d4caa3b4e9b8dd21c49ffc8f2c
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/c14e7f6b764ae4646461f3fc3a46452fdaa9e02a
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/c14e7f6b764ae4646461f3fc3a46452fdaa9e02a
4
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-012
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/software/download/security-releases/ss-2015-012
5
reference_url https://github.com/advisories/GHSA-vp8p-c6xj-xpj7
reference_id GHSA-vp8p-c6xj-xpj7
reference_type
scores
url https://github.com/advisories/GHSA-vp8p-c6xj-xpj7
fixed_packages
0
url pkg:composer/silverstripe/framework@3.0.14
purl pkg:composer/silverstripe/framework@3.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4n9x-x4kd-jyfu
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b7xq-cz8w-ubgm
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-evh4-xq48-4fa6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-ggbg-8mtc-hudc
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-h4k6-fruf-uqff
19
vulnerability VCID-hnme-cqff-c7dp
20
vulnerability VCID-m5rs-qptc-vued
21
vulnerability VCID-mkex-ht2r-cucz
22
vulnerability VCID-nu3h-nb1g-67bs
23
vulnerability VCID-nute-ndg2-z7ev
24
vulnerability VCID-q939-fszs-wfdp
25
vulnerability VCID-qdwg-f2bx-1bay
26
vulnerability VCID-r1eg-dwej-5kau
27
vulnerability VCID-t81f-5b8z-hyht
28
vulnerability VCID-umhc-fdfh-1fdx
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-yfuu-th6b-nba4
32
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14
1
url pkg:composer/silverstripe/framework@3.1.13
purl pkg:composer/silverstripe/framework@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4n9x-x4kd-jyfu
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b7xq-cz8w-ubgm
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-evh4-xq48-4fa6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-ggbg-8mtc-hudc
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-h4k6-fruf-uqff
19
vulnerability VCID-hnhv-qx7p-wqcw
20
vulnerability VCID-hnme-cqff-c7dp
21
vulnerability VCID-m5rs-qptc-vued
22
vulnerability VCID-mkex-ht2r-cucz
23
vulnerability VCID-nu3h-nb1g-67bs
24
vulnerability VCID-nute-ndg2-z7ev
25
vulnerability VCID-q939-fszs-wfdp
26
vulnerability VCID-qdwg-f2bx-1bay
27
vulnerability VCID-r1eg-dwej-5kau
28
vulnerability VCID-rrmd-ud59-ffbp
29
vulnerability VCID-sfyd-qn7r-eqdg
30
vulnerability VCID-t81f-5b8z-hyht
31
vulnerability VCID-twrb-6j51-aqcy
32
vulnerability VCID-umhc-fdfh-1fdx
33
vulnerability VCID-vatm-1vbd-bfam
34
vulnerability VCID-xg74-3h1h-kqaf
35
vulnerability VCID-y8et-m846-2fc6
36
vulnerability VCID-yfuu-th6b-nba4
37
vulnerability VCID-z28b-1yrx-1bbn
38
vulnerability VCID-zckr-zxq4-jyev
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13
aliases GHSA-vp8p-c6xj-xpj7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ztp-wmty-aybx
1
url VCID-78b6-1v3w-qfc3
vulnerability_id VCID-78b6-1v3w-qfc3
summary 
URL Redirection to Untrusted Site (Open Redirect)
External redirection risk in `Security?ReturnURL`.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-012/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-012/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.0.14
purl pkg:composer/silverstripe/framework@3.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4n9x-x4kd-jyfu
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b7xq-cz8w-ubgm
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-evh4-xq48-4fa6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-ggbg-8mtc-hudc
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-h4k6-fruf-uqff
19
vulnerability VCID-hnme-cqff-c7dp
20
vulnerability VCID-m5rs-qptc-vued
21
vulnerability VCID-mkex-ht2r-cucz
22
vulnerability VCID-nu3h-nb1g-67bs
23
vulnerability VCID-nute-ndg2-z7ev
24
vulnerability VCID-q939-fszs-wfdp
25
vulnerability VCID-qdwg-f2bx-1bay
26
vulnerability VCID-r1eg-dwej-5kau
27
vulnerability VCID-t81f-5b8z-hyht
28
vulnerability VCID-umhc-fdfh-1fdx
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-yfuu-th6b-nba4
32
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14
1
url pkg:composer/silverstripe/framework@3.1.0-beta1
purl pkg:composer/silverstripe/framework@3.1.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4n9x-x4kd-jyfu
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b7xq-cz8w-ubgm
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-evh4-xq48-4fa6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-ggbg-8mtc-hudc
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-h4k6-fruf-uqff
19
vulnerability VCID-hnme-cqff-c7dp
20
vulnerability VCID-m5rs-qptc-vued
21
vulnerability VCID-mkex-ht2r-cucz
22
vulnerability VCID-nu3h-nb1g-67bs
23
vulnerability VCID-nute-ndg2-z7ev
24
vulnerability VCID-q939-fszs-wfdp
25
vulnerability VCID-qdwg-f2bx-1bay
26
vulnerability VCID-r1eg-dwej-5kau
27
vulnerability VCID-t81f-5b8z-hyht
28
vulnerability VCID-umhc-fdfh-1fdx
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-yfuu-th6b-nba4
32
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1
2
url pkg:composer/silverstripe/framework@3.1.13-rc1
purl pkg:composer/silverstripe/framework@3.1.13-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4n9x-x4kd-jyfu
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b7xq-cz8w-ubgm
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-evh4-xq48-4fa6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-ggbg-8mtc-hudc
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-h4k6-fruf-uqff
19
vulnerability VCID-hnhv-qx7p-wqcw
20
vulnerability VCID-hnme-cqff-c7dp
21
vulnerability VCID-m5rs-qptc-vued
22
vulnerability VCID-mkex-ht2r-cucz
23
vulnerability VCID-nu3h-nb1g-67bs
24
vulnerability VCID-nute-ndg2-z7ev
25
vulnerability VCID-puvt-j32v-77eh
26
vulnerability VCID-q939-fszs-wfdp
27
vulnerability VCID-qdwg-f2bx-1bay
28
vulnerability VCID-r1eg-dwej-5kau
29
vulnerability VCID-rrmd-ud59-ffbp
30
vulnerability VCID-t81f-5b8z-hyht
31
vulnerability VCID-twrb-6j51-aqcy
32
vulnerability VCID-umhc-fdfh-1fdx
33
vulnerability VCID-uyxp-7fh1-77cg
34
vulnerability VCID-vatm-1vbd-bfam
35
vulnerability VCID-wmfv-vtnz-bkad
36
vulnerability VCID-xg74-3h1h-kqaf
37
vulnerability VCID-y8et-m846-2fc6
38
vulnerability VCID-yfuu-th6b-nba4
39
vulnerability VCID-z28b-1yrx-1bbn
40
vulnerability VCID-zckr-zxq4-jyev
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13-rc1
3
url pkg:composer/silverstripe/framework@3.1.13
purl pkg:composer/silverstripe/framework@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4n9x-x4kd-jyfu
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b7xq-cz8w-ubgm
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-evh4-xq48-4fa6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-ggbg-8mtc-hudc
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-h4k6-fruf-uqff
19
vulnerability VCID-hnhv-qx7p-wqcw
20
vulnerability VCID-hnme-cqff-c7dp
21
vulnerability VCID-m5rs-qptc-vued
22
vulnerability VCID-mkex-ht2r-cucz
23
vulnerability VCID-nu3h-nb1g-67bs
24
vulnerability VCID-nute-ndg2-z7ev
25
vulnerability VCID-q939-fszs-wfdp
26
vulnerability VCID-qdwg-f2bx-1bay
27
vulnerability VCID-r1eg-dwej-5kau
28
vulnerability VCID-rrmd-ud59-ffbp
29
vulnerability VCID-sfyd-qn7r-eqdg
30
vulnerability VCID-t81f-5b8z-hyht
31
vulnerability VCID-twrb-6j51-aqcy
32
vulnerability VCID-umhc-fdfh-1fdx
33
vulnerability VCID-vatm-1vbd-bfam
34
vulnerability VCID-xg74-3h1h-kqaf
35
vulnerability VCID-y8et-m846-2fc6
36
vulnerability VCID-yfuu-th6b-nba4
37
vulnerability VCID-z28b-1yrx-1bbn
38
vulnerability VCID-zckr-zxq4-jyev
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13
aliases SS-2015-012-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-78b6-1v3w-qfc3
2
url VCID-7bpb-cgj3-b7ay
vulnerability_id VCID-7bpb-cgj3-b7ay
summary 
SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation
When a secure token parameter is provided to a SilverStripe site (such as isDev or flush) an empty token parameter can be provided in order to bypass normal authentication parameters.

For instance, http://www.mysite.com/?isDev=1&isDevtoken will force a site to dev mode. Alternatively, "flush" could also be used in succession to cause excessive load on a victim site and risk denial of service.

The fix in this case is to ensure that empty tokens fail the validation check.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-014-1.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-014-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/a978b891e13d22dddee7e0735a7032f13964447d
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/a978b891e13d22dddee7e0735a7032f13964447d
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/cb6717c3f85753bdc30087f280720c6d3f639ff3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/cb6717c3f85753bdc30087f280720c6d3f639ff3
4
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-014
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/software/download/security-releases/ss-2015-014
5
reference_url https://github.com/advisories/GHSA-g4hp-pfvf-vm5w
reference_id GHSA-g4hp-pfvf-vm5w
reference_type
scores
url https://github.com/advisories/GHSA-g4hp-pfvf-vm5w
fixed_packages
0
url pkg:composer/silverstripe/framework@3.0.14
purl pkg:composer/silverstripe/framework@3.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4n9x-x4kd-jyfu
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b7xq-cz8w-ubgm
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-evh4-xq48-4fa6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-ggbg-8mtc-hudc
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-h4k6-fruf-uqff
19
vulnerability VCID-hnme-cqff-c7dp
20
vulnerability VCID-m5rs-qptc-vued
21
vulnerability VCID-mkex-ht2r-cucz
22
vulnerability VCID-nu3h-nb1g-67bs
23
vulnerability VCID-nute-ndg2-z7ev
24
vulnerability VCID-q939-fszs-wfdp
25
vulnerability VCID-qdwg-f2bx-1bay
26
vulnerability VCID-r1eg-dwej-5kau
27
vulnerability VCID-t81f-5b8z-hyht
28
vulnerability VCID-umhc-fdfh-1fdx
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-yfuu-th6b-nba4
32
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14
1
url pkg:composer/silverstripe/framework@3.1.13
purl pkg:composer/silverstripe/framework@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4n9x-x4kd-jyfu
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b7xq-cz8w-ubgm
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-evh4-xq48-4fa6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-ggbg-8mtc-hudc
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-h4k6-fruf-uqff
19
vulnerability VCID-hnhv-qx7p-wqcw
20
vulnerability VCID-hnme-cqff-c7dp
21
vulnerability VCID-m5rs-qptc-vued
22
vulnerability VCID-mkex-ht2r-cucz
23
vulnerability VCID-nu3h-nb1g-67bs
24
vulnerability VCID-nute-ndg2-z7ev
25
vulnerability VCID-q939-fszs-wfdp
26
vulnerability VCID-qdwg-f2bx-1bay
27
vulnerability VCID-r1eg-dwej-5kau
28
vulnerability VCID-rrmd-ud59-ffbp
29
vulnerability VCID-sfyd-qn7r-eqdg
30
vulnerability VCID-t81f-5b8z-hyht
31
vulnerability VCID-twrb-6j51-aqcy
32
vulnerability VCID-umhc-fdfh-1fdx
33
vulnerability VCID-vatm-1vbd-bfam
34
vulnerability VCID-xg74-3h1h-kqaf
35
vulnerability VCID-y8et-m846-2fc6
36
vulnerability VCID-yfuu-th6b-nba4
37
vulnerability VCID-z28b-1yrx-1bbn
38
vulnerability VCID-zckr-zxq4-jyev
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13
aliases GHSA-g4hp-pfvf-vm5w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7bpb-cgj3-b7ay
3
url VCID-uyxp-7fh1-77cg
vulnerability_id VCID-uyxp-7fh1-77cg
summary 
Code Injection
Vulnerability on `isDev`, `isTest` and `flush` `$_GET` validation.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-014/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-014/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.0.14
purl pkg:composer/silverstripe/framework@3.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4n9x-x4kd-jyfu
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b7xq-cz8w-ubgm
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-evh4-xq48-4fa6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-ggbg-8mtc-hudc
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-h4k6-fruf-uqff
19
vulnerability VCID-hnme-cqff-c7dp
20
vulnerability VCID-m5rs-qptc-vued
21
vulnerability VCID-mkex-ht2r-cucz
22
vulnerability VCID-nu3h-nb1g-67bs
23
vulnerability VCID-nute-ndg2-z7ev
24
vulnerability VCID-q939-fszs-wfdp
25
vulnerability VCID-qdwg-f2bx-1bay
26
vulnerability VCID-r1eg-dwej-5kau
27
vulnerability VCID-t81f-5b8z-hyht
28
vulnerability VCID-umhc-fdfh-1fdx
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-yfuu-th6b-nba4
32
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14
1
url pkg:composer/silverstripe/framework@3.1.0-beta1
purl pkg:composer/silverstripe/framework@3.1.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4n9x-x4kd-jyfu
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b7xq-cz8w-ubgm
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-evh4-xq48-4fa6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-ggbg-8mtc-hudc
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-h4k6-fruf-uqff
19
vulnerability VCID-hnme-cqff-c7dp
20
vulnerability VCID-m5rs-qptc-vued
21
vulnerability VCID-mkex-ht2r-cucz
22
vulnerability VCID-nu3h-nb1g-67bs
23
vulnerability VCID-nute-ndg2-z7ev
24
vulnerability VCID-q939-fszs-wfdp
25
vulnerability VCID-qdwg-f2bx-1bay
26
vulnerability VCID-r1eg-dwej-5kau
27
vulnerability VCID-t81f-5b8z-hyht
28
vulnerability VCID-umhc-fdfh-1fdx
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-yfuu-th6b-nba4
32
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1
2
url pkg:composer/silverstripe/framework@3.1.13
purl pkg:composer/silverstripe/framework@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4n9x-x4kd-jyfu
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b7xq-cz8w-ubgm
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-evh4-xq48-4fa6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-ggbg-8mtc-hudc
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-h4k6-fruf-uqff
19
vulnerability VCID-hnhv-qx7p-wqcw
20
vulnerability VCID-hnme-cqff-c7dp
21
vulnerability VCID-m5rs-qptc-vued
22
vulnerability VCID-mkex-ht2r-cucz
23
vulnerability VCID-nu3h-nb1g-67bs
24
vulnerability VCID-nute-ndg2-z7ev
25
vulnerability VCID-q939-fszs-wfdp
26
vulnerability VCID-qdwg-f2bx-1bay
27
vulnerability VCID-r1eg-dwej-5kau
28
vulnerability VCID-rrmd-ud59-ffbp
29
vulnerability VCID-sfyd-qn7r-eqdg
30
vulnerability VCID-t81f-5b8z-hyht
31
vulnerability VCID-twrb-6j51-aqcy
32
vulnerability VCID-umhc-fdfh-1fdx
33
vulnerability VCID-vatm-1vbd-bfam
34
vulnerability VCID-xg74-3h1h-kqaf
35
vulnerability VCID-y8et-m846-2fc6
36
vulnerability VCID-yfuu-th6b-nba4
37
vulnerability VCID-z28b-1yrx-1bbn
38
vulnerability VCID-zckr-zxq4-jyev
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13
3
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-014-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uyxp-7fh1-77cg
4
url VCID-wmfv-vtnz-bkad
vulnerability_id VCID-wmfv-vtnz-bkad
summary Potential SQL Injection Vulnerability in silverstripe.
references
0
reference_url https://www.silverstripe.org/software/download/security-releases/ss-2015-011/
reference_id
reference_type
scores
url https://www.silverstripe.org/software/download/security-releases/ss-2015-011/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.0.14
purl pkg:composer/silverstripe/framework@3.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4n9x-x4kd-jyfu
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b7xq-cz8w-ubgm
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-evh4-xq48-4fa6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-ggbg-8mtc-hudc
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-h4k6-fruf-uqff
19
vulnerability VCID-hnme-cqff-c7dp
20
vulnerability VCID-m5rs-qptc-vued
21
vulnerability VCID-mkex-ht2r-cucz
22
vulnerability VCID-nu3h-nb1g-67bs
23
vulnerability VCID-nute-ndg2-z7ev
24
vulnerability VCID-q939-fszs-wfdp
25
vulnerability VCID-qdwg-f2bx-1bay
26
vulnerability VCID-r1eg-dwej-5kau
27
vulnerability VCID-t81f-5b8z-hyht
28
vulnerability VCID-umhc-fdfh-1fdx
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-yfuu-th6b-nba4
32
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14
1
url pkg:composer/silverstripe/framework@3.1.0-beta1
purl pkg:composer/silverstripe/framework@3.1.0-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4n9x-x4kd-jyfu
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b7xq-cz8w-ubgm
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-evh4-xq48-4fa6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-ggbg-8mtc-hudc
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-h4k6-fruf-uqff
19
vulnerability VCID-hnme-cqff-c7dp
20
vulnerability VCID-m5rs-qptc-vued
21
vulnerability VCID-mkex-ht2r-cucz
22
vulnerability VCID-nu3h-nb1g-67bs
23
vulnerability VCID-nute-ndg2-z7ev
24
vulnerability VCID-q939-fszs-wfdp
25
vulnerability VCID-qdwg-f2bx-1bay
26
vulnerability VCID-r1eg-dwej-5kau
27
vulnerability VCID-t81f-5b8z-hyht
28
vulnerability VCID-umhc-fdfh-1fdx
29
vulnerability VCID-xg74-3h1h-kqaf
30
vulnerability VCID-y8et-m846-2fc6
31
vulnerability VCID-yfuu-th6b-nba4
32
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1
2
url pkg:composer/silverstripe/framework@3.1.13
purl pkg:composer/silverstripe/framework@3.1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-1uhv-fetz-j7fd
2
vulnerability VCID-36z3-nafq-6kez
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4n9x-x4kd-jyfu
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b7xq-cz8w-ubgm
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-evh4-xq48-4fa6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-ggbg-8mtc-hudc
17
vulnerability VCID-gkkp-9fm7-jfaz
18
vulnerability VCID-h4k6-fruf-uqff
19
vulnerability VCID-hnhv-qx7p-wqcw
20
vulnerability VCID-hnme-cqff-c7dp
21
vulnerability VCID-m5rs-qptc-vued
22
vulnerability VCID-mkex-ht2r-cucz
23
vulnerability VCID-nu3h-nb1g-67bs
24
vulnerability VCID-nute-ndg2-z7ev
25
vulnerability VCID-q939-fszs-wfdp
26
vulnerability VCID-qdwg-f2bx-1bay
27
vulnerability VCID-r1eg-dwej-5kau
28
vulnerability VCID-rrmd-ud59-ffbp
29
vulnerability VCID-sfyd-qn7r-eqdg
30
vulnerability VCID-t81f-5b8z-hyht
31
vulnerability VCID-twrb-6j51-aqcy
32
vulnerability VCID-umhc-fdfh-1fdx
33
vulnerability VCID-vatm-1vbd-bfam
34
vulnerability VCID-xg74-3h1h-kqaf
35
vulnerability VCID-y8et-m846-2fc6
36
vulnerability VCID-yfuu-th6b-nba4
37
vulnerability VCID-z28b-1yrx-1bbn
38
vulnerability VCID-zckr-zxq4-jyev
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13
3
url pkg:composer/silverstripe/framework@4.12.0-rc1
purl pkg:composer/silverstripe/framework@4.12.0-rc1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1
aliases SS-2015-011-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wmfv-vtnz-bkad
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14