Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/silverstripe/framework@3.4.3

Type composer

Namespace silverstripe

Name framework

Version 3.4.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.3.5

Latest_non_vulnerable_version 5.2.16

Affected_by_vulnerabilities

url VCID-3497-71mw-yqh8

vulnerability_id VCID-3497-71mw-yqh8

summary SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5715

reference_id

reference_type

scores

value	0.00322
scoring_system	epss
scoring_elements	0.55522
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5715

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://github.com/silverstripe/silverstripe-framework/issues/8814

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/issues/8814

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-5715

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-5715

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url

https://www.silverstripe.org/download/security-releases/ss-2018-021

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/ss-2018-021

fixed_packages

url pkg:composer/silverstripe/framework@3.6.7

purl pkg:composer/silverstripe/framework@3.6.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7

url pkg:composer/silverstripe/framework@3.7.3

purl pkg:composer/silverstripe/framework@3.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3

url pkg:composer/silverstripe/framework@4.0.7

purl pkg:composer/silverstripe/framework@4.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-jc9t-3hb5-z3g5

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7

url pkg:composer/silverstripe/framework@4.1.5

purl pkg:composer/silverstripe/framework@4.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-8bkg-xn4y-nydr

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-jc9t-3hb5-z3g5

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5

url pkg:composer/silverstripe/framework@4.2.4

purl pkg:composer/silverstripe/framework@4.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-8bkg-xn4y-nydr

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-jc9t-3hb5-z3g5

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4

url pkg:composer/silverstripe/framework@4.3.1

purl pkg:composer/silverstripe/framework@4.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-8bkg-xn4y-nydr

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-jc9t-3hb5-z3g5

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1

aliases CVE-2019-5715, GHSA-wvfw-w3x6-g526

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3497-71mw-yqh8

url VCID-4mg2-rjsn-qyfx

vulnerability_id VCID-4mg2-rjsn-qyfx

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12203

reference_id

reference_type

scores

value	0.00054
scoring_system	epss
scoring_elements	0.17126
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12203

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12203

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12203

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12203

reference_id

CVE-2019-12203

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12203

reference_url	https://www.silverstripe.org/download/security-releases/cve-2019-12203/
reference_id	CVE-2019-12203
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/cve-2019-12203/

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2019-12203

reference_id

CVE-2019-12203

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2019-12203

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml

reference_id

CVE-2019-12203.YAML

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml

reference_url

https://github.com/advisories/GHSA-w7r7-r8r9-vrg2

reference_id

GHSA-w7r7-r8r9-vrg2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w7r7-r8r9-vrg2

fixed_packages

url pkg:composer/silverstripe/framework@3.6.8

purl pkg:composer/silverstripe/framework@3.6.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8

url pkg:composer/silverstripe/framework@3.7.4

purl pkg:composer/silverstripe/framework@3.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jc9t-3hb5-z3g5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

url	pkg:composer/silverstripe/framework@4.3.5
purl	pkg:composer/silverstripe/framework@4.3.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5

url pkg:composer/silverstripe/framework@4.4.4

purl pkg:composer/silverstripe/framework@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4ywc-gcvd-73a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4

aliases CVE-2019-12203, GHSA-w7r7-r8r9-vrg2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4mg2-rjsn-qyfx

url VCID-7kmy-8ht6-8fcw

vulnerability_id VCID-7kmy-8ht6-8fcw

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12245

reference_id

reference_type

scores

value	0.00255
scoring_system	epss
scoring_elements	0.4898
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12245

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12245

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12245

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12245

reference_id

CVE-2019-12245

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12245

reference_url	https://www.silverstripe.org/download/security-releases/cve-2019-12245/
reference_id	CVE-2019-12245
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/cve-2019-12245/

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2019-12245

reference_id

CVE-2019-12245

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2019-12245

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml

reference_id

CVE-2019-12245.YAML

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml

reference_url

https://github.com/advisories/GHSA-jvx5-rm6q-gx7p

reference_id

GHSA-jvx5-rm6q-gx7p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jvx5-rm6q-gx7p

fixed_packages

url pkg:composer/silverstripe/framework@3.6.8

purl pkg:composer/silverstripe/framework@3.6.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8

url pkg:composer/silverstripe/framework@3.7.4

purl pkg:composer/silverstripe/framework@3.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jc9t-3hb5-z3g5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

url	pkg:composer/silverstripe/framework@4.3.6
purl	pkg:composer/silverstripe/framework@4.3.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6

url pkg:composer/silverstripe/framework@4.4.4

purl pkg:composer/silverstripe/framework@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4ywc-gcvd-73a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4

aliases CVE-2019-12245, GHSA-jvx5-rm6q-gx7p

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7kmy-8ht6-8fcw

url VCID-91wy-94bg-bfc3

vulnerability_id VCID-91wy-94bg-bfc3

summary

XSS In page name
SilverStripe is vulnerable to XSS via the page name. For instance, page name `"><svg/onload=alert(/xss/)>` will trigger an XSS alert.

references

reference_url	https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d
reference_id
reference_type
scores
url	https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d

reference_url	https://www.silverstripe.org/download/security-releases/ss-2017-001/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/ss-2017-001/

fixed_packages

url pkg:composer/silverstripe/framework@3.4.4-rc1

purl pkg:composer/silverstripe/framework@3.4.4-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1

url pkg:composer/silverstripe/framework@3.5.2-rc1

purl pkg:composer/silverstripe/framework@3.5.2-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1

aliases SS-2017-001

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91wy-94bg-bfc3

url VCID-9vwe-uejx-c3c5

vulnerability_id VCID-9vwe-uejx-c3c5

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12246

reference_id

reference_type

scores

value	0.00156
scoring_system	epss
scoring_elements	0.36012
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12246

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab

reference_url

https://www.silverstripe.org/blog/tag/release

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/blog/tag/release

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12246

reference_id

CVE-2019-12246

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12246

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12246

reference_id

CVE-2019-12246

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12246

fixed_packages

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jc9t-3hb5-z3g5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

url pkg:composer/silverstripe/framework@4.4.0

purl pkg:composer/silverstripe/framework@4.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-4ywc-gcvd-73a9

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-jc9t-3hb5-z3g5

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0

aliases CVE-2019-12246, GHSA-5fr8-xhqq-4p3q

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9vwe-uejx-c3c5

url VCID-eu6p-szkb-m7b1

vulnerability_id VCID-eu6p-szkb-m7b1

summary

Cross-site Scripting
There is an XSS in SilverStripe CMS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5197

reference_id

reference_type

scores

value	0.00265
scoring_system	epss
scoring_elements	0.50115
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5197

reference_url

https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url	http://www.securityfocus.com/bid/96572
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/96572

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5197

reference_id

CVE-2017-5197

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5197

reference_url	https://github.com/advisories/GHSA-xmjh-wjc5-wg4h
reference_id	GHSA-xmjh-wjc5-wg4h
reference_type
scores
url	https://github.com/advisories/GHSA-xmjh-wjc5-wg4h

fixed_packages

url pkg:composer/silverstripe/framework@3.4.4-rc1

purl pkg:composer/silverstripe/framework@3.4.4-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1

url pkg:composer/silverstripe/framework@3.4.4

purl pkg:composer/silverstripe/framework@3.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4

url pkg:composer/silverstripe/framework@3.5.2-rc1

purl pkg:composer/silverstripe/framework@3.5.2-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1

url pkg:composer/silverstripe/framework@3.5.2

purl pkg:composer/silverstripe/framework@3.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-vrv4-sy3z-jfe2

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-xazf-vmz5-r3dj

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2

aliases CVE-2017-5197, GHSA-xmjh-wjc5-wg4h

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eu6p-szkb-m7b1

url VCID-k1aa-deyg-2kdg

vulnerability_id VCID-k1aa-deyg-2kdg

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14272

reference_id

reference_type

scores

value	0.00347
scoring_system	epss
scoring_elements	0.57522
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14272

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://www.silverstripe.org/blog/tag/release

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/blog/tag/release

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14272

reference_id

CVE-2019-14272

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14272

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2019-14272

reference_id

CVE-2019-14272

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2019-14272

fixed_packages

url pkg:composer/silverstripe/framework@4.0.1-rc1

purl pkg:composer/silverstripe/framework@4.0.1-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-jc9t-3hb5-z3g5

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1

url pkg:composer/silverstripe/framework@4.0.1

purl pkg:composer/silverstripe/framework@4.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-jc9t-3hb5-z3g5

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1

url	pkg:composer/silverstripe/framework@4.3.5
purl	pkg:composer/silverstripe/framework@4.3.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5

url pkg:composer/silverstripe/framework@4.4.4

purl pkg:composer/silverstripe/framework@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4ywc-gcvd-73a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4

aliases CVE-2019-14272, GHSA-jgw2-f5mx-rg7h

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k1aa-deyg-2kdg

url VCID-k6ed-y2ud-wffu

vulnerability_id VCID-k6ed-y2ud-wffu

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14273

reference_id

reference_type

scores

value	0.00336
scoring_system	epss
scoring_elements	0.56678
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14273

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories

reference_url

https://www.silverstripe.org/blog/tag/release

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/blog/tag/release

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14273

reference_id

CVE-2019-14273

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14273

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2019-14273

reference_id

CVE-2019-14273

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2019-14273

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml

reference_id

CVE-2019-14273.YAML

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml

reference_url

https://github.com/advisories/GHSA-43jj-2rwc-2m3f

reference_id

GHSA-43jj-2rwc-2m3f

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-43jj-2rwc-2m3f

fixed_packages

url pkg:composer/silverstripe/framework@4.0.1-rc1

purl pkg:composer/silverstripe/framework@4.0.1-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-jc9t-3hb5-z3g5

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1

url pkg:composer/silverstripe/framework@4.0.1

purl pkg:composer/silverstripe/framework@4.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-jc9t-3hb5-z3g5

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1

url	pkg:composer/silverstripe/framework@4.3.5
purl	pkg:composer/silverstripe/framework@4.3.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5

url pkg:composer/silverstripe/framework@4.4.4

purl pkg:composer/silverstripe/framework@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4ywc-gcvd-73a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4

aliases CVE-2019-14273, GHSA-43jj-2rwc-2m3f

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k6ed-y2ud-wffu

url VCID-m2bw-tabk-qyd8

vulnerability_id VCID-m2bw-tabk-qyd8

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12617

reference_id

reference_type

scores

value	0.00304
scoring_system	epss
scoring_elements	0.53918
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12617

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://www.silverstripe.org/blog/tag/release

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/blog/tag/release

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12617

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12617

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12617

reference_id

CVE-2019-12617

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12617

reference_url	https://www.silverstripe.org/download/security-releases/cve-2019-12617/
reference_id	CVE-2019-12617
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/cve-2019-12617/

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2019-12617

reference_id

CVE-2019-12617

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2019-12617

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml

reference_id

CVE-2019-12617.YAML

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml

reference_url

https://github.com/advisories/GHSA-6r58-4xgr-gm6m

reference_id

GHSA-6r58-4xgr-gm6m

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6r58-4xgr-gm6m

fixed_packages

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jc9t-3hb5-z3g5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

url	pkg:composer/silverstripe/framework@4.3.5
purl	pkg:composer/silverstripe/framework@4.3.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5

url pkg:composer/silverstripe/framework@4.4.4

purl pkg:composer/silverstripe/framework@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4ywc-gcvd-73a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4

aliases CVE-2019-12617, GHSA-6r58-4xgr-gm6m

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m2bw-tabk-qyd8

url VCID-pq7w-n99a-q7cj

vulnerability_id VCID-pq7w-n99a-q7cj

summary

Injection Vulnerability
In the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-18049

reference_id

reference_type

scores

value	0.00212
scoring_system	epss
scoring_elements	0.43716
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-18049

reference_url

https://github.com/silverstripe/silverstripe-framework

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework

reference_url

https://www.exploit-db.com/exploits/43396

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/43396

reference_url	https://www.exploit-db.com/exploits/43396/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/43396/

reference_url

https://www.silverstripe.org/download/security-releases/ss-2017-007

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/ss-2017-007

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-18049

reference_id

CVE-2017-18049

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-18049

fixed_packages

url pkg:composer/silverstripe/framework@3.5.6-rc1

purl pkg:composer/silverstripe/framework@3.5.6-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1

url pkg:composer/silverstripe/framework@3.5.6

purl pkg:composer/silverstripe/framework@3.5.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6

url pkg:composer/silverstripe/framework@3.6.3-rc2

purl pkg:composer/silverstripe/framework@3.6.3-rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2

url pkg:composer/silverstripe/framework@3.6.3

purl pkg:composer/silverstripe/framework@3.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3

url pkg:composer/silverstripe/framework@4.0.1-rc1

purl pkg:composer/silverstripe/framework@4.0.1-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-jc9t-3hb5-z3g5

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1

url pkg:composer/silverstripe/framework@4.0.1

purl pkg:composer/silverstripe/framework@4.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-jc9t-3hb5-z3g5

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1

aliases CVE-2017-18049, GHSA-2jvj-mhf2-g99w

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pq7w-n99a-q7cj

url VCID-vrv4-sy3z-jfe2

vulnerability_id VCID-vrv4-sy3z-jfe2

summary

Cross-site Scripting
SilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname.

references

reference_url

http://lists.openwall.net/full-disclosure/2017/09/14/2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.openwall.net/full-disclosure/2017/09/14/2

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-14498

reference_id

reference_type

scores

value	0.00375
scoring_system	epss
scoring_elements	0.59419
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-14498

reference_url

https://docs.silverstripe.org/en/3/changelogs/3.6.1

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://docs.silverstripe.org/en/3/changelogs/3.6.1

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a

reference_url

https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-14498

reference_id

CVE-2017-14498

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-14498

fixed_packages

url pkg:composer/silverstripe/framework@3.6.1-alpha2

purl pkg:composer/silverstripe/framework@3.6.1-alpha2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2

url pkg:composer/silverstripe/framework@3.6.1

purl pkg:composer/silverstripe/framework@3.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1

aliases CVE-2017-14498, GHSA-j696-6m57-mcrv

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vrv4-sy3z-jfe2

url VCID-x6g5-a61e-3khu

vulnerability_id VCID-x6g5-a61e-3khu

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12205

reference_id

reference_type

scores

value	0.00378
scoring_system	epss
scoring_elements	0.59603
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12205

reference_url

https://forum.silverstripe.org/c/releases

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml

reference_url

https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e

reference_url

https://www.silverstripe.org/download/security-releases

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12205

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12205

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12205

reference_id

CVE-2019-12205

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12205

reference_url

https://www.silverstripe.org/download/security-releases/CVE-2019-12205

reference_id

CVE-2019-12205

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/CVE-2019-12205

fixed_packages

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jc9t-3hb5-z3g5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

url	pkg:composer/silverstripe/framework@4.3.5
purl	pkg:composer/silverstripe/framework@4.3.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5

url pkg:composer/silverstripe/framework@4.4.4

purl pkg:composer/silverstripe/framework@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4ywc-gcvd-73a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4

aliases CVE-2019-12205, GHSA-rfvw-5848-gxc5

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x6g5-a61e-3khu

url VCID-xazf-vmz5-r3dj

vulnerability_id VCID-xazf-vmz5-r3dj

summary

Information Exposure
Response discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12849

reference_id

reference_type

scores

value	0.00392
scoring_system	epss
scoring_elements	0.6047
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12849

reference_url

https://www.silverstripe.org/download/security-releases/ss-2017-005

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/ss-2017-005

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-12849

reference_id

CVE-2017-12849

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-12849

fixed_packages

url pkg:composer/silverstripe/framework@3.5.5-beta1

purl pkg:composer/silverstripe/framework@3.5.5-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1

url pkg:composer/silverstripe/framework@3.5.5

purl pkg:composer/silverstripe/framework@3.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5

url pkg:composer/silverstripe/framework@3.6.1-alpha2

purl pkg:composer/silverstripe/framework@3.6.1-alpha2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2

url pkg:composer/silverstripe/framework@3.6.1

purl pkg:composer/silverstripe/framework@3.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3497-71mw-yqh8

vulnerability	VCID-4mg2-rjsn-qyfx

vulnerability	VCID-7kmy-8ht6-8fcw

vulnerability	VCID-9vwe-uejx-c3c5

vulnerability	VCID-k1aa-deyg-2kdg

vulnerability	VCID-k6ed-y2ud-wffu

vulnerability	VCID-m2bw-tabk-qyd8

vulnerability	VCID-pq7w-n99a-q7cj

vulnerability	VCID-x6g5-a61e-3khu

vulnerability	VCID-yxg1-dz91-ckgs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1

aliases CVE-2017-12849, GHSA-fwhr-g5r4-xgxf

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xazf-vmz5-r3dj

url VCID-yxg1-dz91-ckgs

vulnerability_id VCID-yxg1-dz91-ckgs

summary

Cross-Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12437

reference_id

reference_type

scores

value	0.002
scoring_system	epss
scoring_elements	0.41992
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12437

reference_url	https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
url	https://forum.silverstripe.org/c/releases

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml

reference_url

https://github.com/silverstripe/silverstripe-graphql

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-graphql

reference_url

https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c

reference_url

https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff

reference_url	https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
url	https://www.silverstripe.org/blog/tag/release

reference_url	https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12437

reference_id

CVE-2019-12437

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12437

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-12437

reference_id

CVE-2019-12437

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-12437

fixed_packages

url pkg:composer/silverstripe/framework@4.3.4

purl pkg:composer/silverstripe/framework@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jc9t-3hb5-z3g5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4

aliases CVE-2019-12437, GHSA-fx37-56v6-85q6

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yxg1-dz91-ckgs

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.3

Package Instance