Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/silverstripe/framework@3.1.19-rc1
Typecomposer
Namespacesilverstripe
Nameframework
Version3.1.19-rc1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.7.5
Latest_non_vulnerable_version5.3.23
Affected_by_vulnerabilities
0
url VCID-1mmc-91gk-r3d3
vulnerability_id VCID-1mmc-91gk-r3d3
summary SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-5715
reference_id
reference_type
scores
0
value 0.00322
scoring_system epss
scoring_elements 0.55549
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-5715
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/issues/8814
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/issues/8814
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-5715
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-5715
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/ss-2018-021
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2018-021
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.7
purl pkg:composer/silverstripe/framework@3.6.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-umhc-fdfh-1fdx
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7
1
url pkg:composer/silverstripe/framework@3.7.3
purl pkg:composer/silverstripe/framework@3.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-umhc-fdfh-1fdx
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3
2
url pkg:composer/silverstripe/framework@4.0.7
purl pkg:composer/silverstripe/framework@4.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b6nm-cphj-wfgw
1
vulnerability VCID-cmwn-cjff-9qau
2
vulnerability VCID-nute-ndg2-z7ev
3
vulnerability VCID-nzcm-xbxx-wyf9
4
vulnerability VCID-r1eg-dwej-5kau
5
vulnerability VCID-ru3j-21j8-ayhm
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
8
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7
3
url pkg:composer/silverstripe/framework@4.1.5
purl pkg:composer/silverstripe/framework@4.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b6nm-cphj-wfgw
1
vulnerability VCID-cmwn-cjff-9qau
2
vulnerability VCID-nute-ndg2-z7ev
3
vulnerability VCID-nzcm-xbxx-wyf9
4
vulnerability VCID-r1eg-dwej-5kau
5
vulnerability VCID-ru3j-21j8-ayhm
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
8
vulnerability VCID-ytbc-8mhd-b3fc
9
vulnerability VCID-z94y-nz4f-y7er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5
4
url pkg:composer/silverstripe/framework@4.2.4
purl pkg:composer/silverstripe/framework@4.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b6nm-cphj-wfgw
1
vulnerability VCID-cmwn-cjff-9qau
2
vulnerability VCID-nute-ndg2-z7ev
3
vulnerability VCID-nzcm-xbxx-wyf9
4
vulnerability VCID-r1eg-dwej-5kau
5
vulnerability VCID-ru3j-21j8-ayhm
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
8
vulnerability VCID-ytbc-8mhd-b3fc
9
vulnerability VCID-z94y-nz4f-y7er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4
5
url pkg:composer/silverstripe/framework@4.3.1
purl pkg:composer/silverstripe/framework@4.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b6nm-cphj-wfgw
1
vulnerability VCID-cmwn-cjff-9qau
2
vulnerability VCID-nute-ndg2-z7ev
3
vulnerability VCID-nzcm-xbxx-wyf9
4
vulnerability VCID-r1eg-dwej-5kau
5
vulnerability VCID-ru3j-21j8-ayhm
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
8
vulnerability VCID-ytbc-8mhd-b3fc
9
vulnerability VCID-z94y-nz4f-y7er
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1
aliases CVE-2019-5715, GHSA-wvfw-w3x6-g526
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1mmc-91gk-r3d3
1
url VCID-36z3-nafq-6kez
vulnerability_id VCID-36z3-nafq-6kez
summary 
XSS In CMSSecurity BackURL
In follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-001/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-001/
1
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-016/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-016/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.21
purl pkg:composer/silverstripe/framework@3.1.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-c6bz-jwhm-vkgp
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-mkex-ht2r-cucz
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-qdwg-f2bx-1bay
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-t81f-5b8z-hyht
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-xg74-3h1h-kqaf
14
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21
1
url pkg:composer/silverstripe/framework@3.2.6
purl pkg:composer/silverstripe/framework@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-c6bz-jwhm-vkgp
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-mkex-ht2r-cucz
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-qdwg-f2bx-1bay
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-t81f-5b8z-hyht
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-xg74-3h1h-kqaf
14
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6
2
url pkg:composer/silverstripe/framework@3.3.4
purl pkg:composer/silverstripe/framework@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-c6bz-jwhm-vkgp
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-mkex-ht2r-cucz
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-qdwg-f2bx-1bay
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-t81f-5b8z-hyht
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-xg74-3h1h-kqaf
14
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4
3
url pkg:composer/silverstripe/framework@3.4.2
purl pkg:composer/silverstripe/framework@3.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-c6bz-jwhm-vkgp
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-mkex-ht2r-cucz
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-qdwg-f2bx-1bay
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-t81f-5b8z-hyht
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-xg74-3h1h-kqaf
14
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2
aliases SS-2016-016
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-36z3-nafq-6kez
2
url VCID-3x46-q9cb-7ubg
vulnerability_id VCID-3x46-q9cb-7ubg
summary 
Information Exposure
Response discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12849
reference_id
reference_type
scores
0
value 0.00392
scoring_system epss
scoring_elements 0.60505
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12849
1
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-005
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12849
reference_id CVE-2017-12849
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12849
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.5-beta1
purl pkg:composer/silverstripe/framework@3.5.5-beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-qdwg-f2bx-1bay
7
vulnerability VCID-r1eg-dwej-5kau
8
vulnerability VCID-umhc-fdfh-1fdx
9
vulnerability VCID-xg74-3h1h-kqaf
10
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1
1
url pkg:composer/silverstripe/framework@3.5.5
purl pkg:composer/silverstripe/framework@3.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-qdwg-f2bx-1bay
7
vulnerability VCID-r1eg-dwej-5kau
8
vulnerability VCID-umhc-fdfh-1fdx
9
vulnerability VCID-xg74-3h1h-kqaf
10
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5
2
url pkg:composer/silverstripe/framework@3.6.1-alpha2
purl pkg:composer/silverstripe/framework@3.6.1-alpha2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-qdwg-f2bx-1bay
7
vulnerability VCID-r1eg-dwej-5kau
8
vulnerability VCID-umhc-fdfh-1fdx
9
vulnerability VCID-xg74-3h1h-kqaf
10
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2
3
url pkg:composer/silverstripe/framework@3.6.1
purl pkg:composer/silverstripe/framework@3.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-qdwg-f2bx-1bay
7
vulnerability VCID-r1eg-dwej-5kau
8
vulnerability VCID-umhc-fdfh-1fdx
9
vulnerability VCID-xg74-3h1h-kqaf
10
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1
aliases CVE-2017-12849, GHSA-fwhr-g5r4-xgxf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3x46-q9cb-7ubg
3
url VCID-7ek4-6y31-1qcs
vulnerability_id VCID-7ek4-6y31-1qcs
summary 
Pre-existing alc_enc cookies log users in if remember me is disabled
If remember me is on and users log in with the box checked, if the developer then disabled "remember me" function, any pre-existing cookies will continue to authenticate users.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-014/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-014/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-014
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ek4-6y31-1qcs
4
url VCID-7hxq-cp29-r7dh
vulnerability_id VCID-7hxq-cp29-r7dh
summary 
Cross-site Scripting
In SilverStripe asset-admin, there is XSS in file titles managed through the CMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14272
reference_id
reference_type
scores
0
value 0.00347
scoring_system epss
scoring_elements 0.57535
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14272
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml
3
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
4
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14272
reference_id CVE-2019-14272
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14272
7
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-14272
reference_id CVE-2019-14272
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-14272
fixed_packages
0
url pkg:composer/silverstripe/framework@4.0.1-rc1
purl pkg:composer/silverstripe/framework@4.0.1-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-nute-ndg2-z7ev
4
vulnerability VCID-nzcm-xbxx-wyf9
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-ru3j-21j8-ayhm
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
9
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1
1
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-nute-ndg2-z7ev
4
vulnerability VCID-nzcm-xbxx-wyf9
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-ru3j-21j8-ayhm
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
9
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
2
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ru3j-21j8-ayhm
1
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
3
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dt7-nc8t-nqgh
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-14272, GHSA-jgw2-f5mx-rg7h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7hxq-cp29-r7dh
5
url VCID-7jm4-cjg3-rkcz
vulnerability_id VCID-7jm4-cjg3-rkcz
summary 
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
If remember me is on and users log in with the box checked, if the developer then disabled "remember me" function, any pre-existing cookies will continue to authenticate users.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-014-1.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-014-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/1c7d5de51bcdf16ebb21c5a0ebe5fe9e31f9a822
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/1c7d5de51bcdf16ebb21c5a0ebe5fe9e31f9a822
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/b1f449762b5d11658b11d5036d5ae361a95fd61e
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/b1f449762b5d11658b11d5036d5ae361a95fd61e
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/d1163d87b70e3e147f22a1e423b9f70f6fd85e8f
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/d1163d87b70e3e147f22a1e423b9f70f6fd85e8f
5
reference_url https://github.com/silverstripe/silverstripe-framework/commit/fa7f5af8618a83c865b11fd6cc981ad9661046e6
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/fa7f5af8618a83c865b11fd6cc981ad9661046e6
6
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-014
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2016-014
7
reference_url https://github.com/advisories/GHSA-5r8w-66hq-rc39
reference_id GHSA-5r8w-66hq-rc39
reference_type
scores
url https://github.com/advisories/GHSA-5r8w-66hq-rc39
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
aliases GHSA-5r8w-66hq-rc39
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7jm4-cjg3-rkcz
6
url VCID-at1s-qxsg-5yfs
vulnerability_id VCID-at1s-qxsg-5yfs
summary 
XSS In OptionsetField and CheckboxSetField
List of key / value pairs assigned to `OptionsetField` or `CheckboxSetField` do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-015/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-015/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-015
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-at1s-qxsg-5yfs
7
url VCID-b6nm-cphj-wfgw
vulnerability_id VCID-b6nm-cphj-wfgw
summary 
Improper Privilege Management
In SilverStripe, there is access escalation for CMS users with limited access through permission cache pollution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12617
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.53948
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12617
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml
3
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12617
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12617
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12617
reference_id CVE-2019-12617
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12617
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12617
reference_id CVE-2019-12617
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12617
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nzcm-xbxx-wyf9
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ru3j-21j8-ayhm
1
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
2
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dt7-nc8t-nqgh
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12617, GHSA-6r58-4xgr-gm6m
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b6nm-cphj-wfgw
8
url VCID-b95v-49p7-fkas
vulnerability_id VCID-b95v-49p7-fkas
summary 
Cross-site Scripting
SilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname.
references
0
reference_url http://lists.openwall.net/full-disclosure/2017/09/14/2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openwall.net/full-disclosure/2017/09/14/2
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14498
reference_id
reference_type
scores
0
value 0.00375
scoring_system epss
scoring_elements 0.59447
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14498
2
reference_url https://docs.silverstripe.org/en/3/changelogs/3.6.1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.silverstripe.org/en/3/changelogs/3.6.1
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a
4
reference_url https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-14498
reference_id CVE-2017-14498
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-14498
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.1-alpha2
purl pkg:composer/silverstripe/framework@3.6.1-alpha2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-qdwg-f2bx-1bay
7
vulnerability VCID-r1eg-dwej-5kau
8
vulnerability VCID-umhc-fdfh-1fdx
9
vulnerability VCID-xg74-3h1h-kqaf
10
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2
1
url pkg:composer/silverstripe/framework@3.6.1
purl pkg:composer/silverstripe/framework@3.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-qdwg-f2bx-1bay
7
vulnerability VCID-r1eg-dwej-5kau
8
vulnerability VCID-umhc-fdfh-1fdx
9
vulnerability VCID-xg74-3h1h-kqaf
10
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1
aliases CVE-2017-14498, GHSA-j696-6m57-mcrv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b95v-49p7-fkas
9
url VCID-c437-w2zy-y7c9
vulnerability_id VCID-c437-w2zy-y7c9
summary 
ChangePasswordForm doesn't check Member::canLogIn()
After performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-011/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-011/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
1
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
2
url pkg:composer/silverstripe/framework@3.4.10-stable
purl pkg:composer/silverstripe/framework@3.4.10-stable
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.10-stable
3
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-011
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c437-w2zy-y7c9
10
url VCID-c6bz-jwhm-vkgp
vulnerability_id VCID-c6bz-jwhm-vkgp
summary 
Cross-site Scripting
There is an XSS in SilverStripe CMS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-5197
reference_id
reference_type
scores
0
value 0.00265
scoring_system epss
scoring_elements 0.5014
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-5197
1
reference_url https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572
2
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
3
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
4
reference_url http://www.securityfocus.com/bid/96572
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96572
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5197
reference_id CVE-2017-5197
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-5197
6
reference_url https://github.com/advisories/GHSA-xmjh-wjc5-wg4h
reference_id GHSA-xmjh-wjc5-wg4h
reference_type
scores
url https://github.com/advisories/GHSA-xmjh-wjc5-wg4h
fixed_packages
0
url pkg:composer/silverstripe/framework@3.4.4-rc1
purl pkg:composer/silverstripe/framework@3.4.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-qdwg-f2bx-1bay
9
vulnerability VCID-r1eg-dwej-5kau
10
vulnerability VCID-umhc-fdfh-1fdx
11
vulnerability VCID-xg74-3h1h-kqaf
12
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1
1
url pkg:composer/silverstripe/framework@3.4.4
purl pkg:composer/silverstripe/framework@3.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-qdwg-f2bx-1bay
9
vulnerability VCID-r1eg-dwej-5kau
10
vulnerability VCID-umhc-fdfh-1fdx
11
vulnerability VCID-xg74-3h1h-kqaf
12
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4
2
url pkg:composer/silverstripe/framework@3.5.2-rc1
purl pkg:composer/silverstripe/framework@3.5.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-qdwg-f2bx-1bay
9
vulnerability VCID-r1eg-dwej-5kau
10
vulnerability VCID-umhc-fdfh-1fdx
11
vulnerability VCID-xg74-3h1h-kqaf
12
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1
3
url pkg:composer/silverstripe/framework@3.5.2
purl pkg:composer/silverstripe/framework@3.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-qdwg-f2bx-1bay
9
vulnerability VCID-r1eg-dwej-5kau
10
vulnerability VCID-umhc-fdfh-1fdx
11
vulnerability VCID-xg74-3h1h-kqaf
12
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2
aliases CVE-2017-5197, GHSA-xmjh-wjc5-wg4h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c6bz-jwhm-vkgp
11
url VCID-cmwn-cjff-9qau
vulnerability_id VCID-cmwn-cjff-9qau
summary 
Session Fixation
SilverStripe allows session fixation in the "change password" form.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12203
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.17108
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12203
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml
3
reference_url https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12203
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12203
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12203
reference_id CVE-2019-12203
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12203
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12203
reference_id CVE-2019-12203
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12203
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.8
purl pkg:composer/silverstripe/framework@3.6.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-umhc-fdfh-1fdx
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8
1
url pkg:composer/silverstripe/framework@3.7.4
purl pkg:composer/silverstripe/framework@3.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-umhc-fdfh-1fdx
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4
2
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nzcm-xbxx-wyf9
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
3
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ru3j-21j8-ayhm
1
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
4
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dt7-nc8t-nqgh
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12203, GHSA-w7r7-r8r9-vrg2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmwn-cjff-9qau
12
url VCID-czh2-w6fk-xqd6
vulnerability_id VCID-czh2-w6fk-xqd6
summary 
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
After performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-011-1.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-011-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/2b30ade44d333a4da4d13b31ffa28d0a34597442
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/2b30ade44d333a4da4d13b31ffa28d0a34597442
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/6606d986634f5b5dec16462acaa8d9a513c29fec
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/6606d986634f5b5dec16462acaa8d9a513c29fec
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/6d41db77fa78f473db7bcff389456c980ef4e412
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/6d41db77fa78f473db7bcff389456c980ef4e412
5
reference_url https://github.com/silverstripe/silverstripe-framework/commit/782c18fd13b9fb92707d0ea3b231023204928297
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/782c18fd13b9fb92707d0ea3b231023204928297
6
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-011
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2016-011
7
reference_url https://github.com/advisories/GHSA-p5h2-vr99-xm99
reference_id GHSA-p5h2-vr99-xm99
reference_type
scores
url https://github.com/advisories/GHSA-p5h2-vr99-xm99
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
aliases GHSA-p5h2-vr99-xm99
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-czh2-w6fk-xqd6
13
url VCID-ewg1-jqza-eyez
vulnerability_id VCID-ewg1-jqza-eyez
summary 
Member.Name isn't escaped
The core template `framework/templates/Includes/GridField_print.ss` uses "Printed by $Member.Name". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because `Member->getName()` just returns the raw `FirstName + Surname` as a string, which is injected directly.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-013/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-013/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-013
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ewg1-jqza-eyez
14
url VCID-gkkp-9fm7-jfaz
vulnerability_id VCID-gkkp-9fm7-jfaz
summary 
Missing ACL on reports
The `SS_Report`, and the reports CMS section only checks `canView()` when listing the reports that can be viewed by the current user. It does not (and should) perform `canView` checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-012/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-012/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-012
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gkkp-9fm7-jfaz
15
url VCID-hnme-cqff-c7dp
vulnerability_id VCID-hnme-cqff-c7dp
summary 
ReadOnly transformation for formfields exploitable
Form fields returning `isReadonly()` as true are vulnerable to reflected XSS injections. This includes `ReadonlyField`, `LookupField`, `HTMLReadonlyField`, as well as special purpose fields like `TimeField_Readonly`. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and does not overwrite data on form construction. Readonly and disabled form fields are already filtered out in `saveInto()`, so maliciously submitted data on these fields does not make it into the database unless you are accessing form values directly in your saving logic.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-010/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-010/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.21
purl pkg:composer/silverstripe/framework@3.1.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-c6bz-jwhm-vkgp
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-mkex-ht2r-cucz
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-qdwg-f2bx-1bay
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-t81f-5b8z-hyht
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-xg74-3h1h-kqaf
14
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21
1
url pkg:composer/silverstripe/framework@3.2.6
purl pkg:composer/silverstripe/framework@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-c6bz-jwhm-vkgp
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-mkex-ht2r-cucz
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-qdwg-f2bx-1bay
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-t81f-5b8z-hyht
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-xg74-3h1h-kqaf
14
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6
2
url pkg:composer/silverstripe/framework@3.3.4
purl pkg:composer/silverstripe/framework@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-c6bz-jwhm-vkgp
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-mkex-ht2r-cucz
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-qdwg-f2bx-1bay
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-t81f-5b8z-hyht
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-xg74-3h1h-kqaf
14
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4
3
url pkg:composer/silverstripe/framework@3.4.2
purl pkg:composer/silverstripe/framework@3.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-c6bz-jwhm-vkgp
6
vulnerability VCID-cmwn-cjff-9qau
7
vulnerability VCID-mkex-ht2r-cucz
8
vulnerability VCID-nute-ndg2-z7ev
9
vulnerability VCID-qdwg-f2bx-1bay
10
vulnerability VCID-r1eg-dwej-5kau
11
vulnerability VCID-t81f-5b8z-hyht
12
vulnerability VCID-umhc-fdfh-1fdx
13
vulnerability VCID-xg74-3h1h-kqaf
14
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2
aliases SS-2016-010
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hnme-cqff-c7dp
16
url VCID-mkex-ht2r-cucz
vulnerability_id VCID-mkex-ht2r-cucz
summary 
Files or Directories Accessible to External Parties
In SilverStripe, there is broken access control on files.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14273
reference_id
reference_type
scores
0
value 0.00336
scoring_system epss
scoring_elements 0.56702
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14273
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml
4
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14273
reference_id CVE-2019-14273
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14273
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-14273
reference_id CVE-2019-14273
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-14273
fixed_packages
0
url pkg:composer/silverstripe/framework@4.0.1-rc1
purl pkg:composer/silverstripe/framework@4.0.1-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-nute-ndg2-z7ev
4
vulnerability VCID-nzcm-xbxx-wyf9
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-ru3j-21j8-ayhm
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
9
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1
1
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-nute-ndg2-z7ev
4
vulnerability VCID-nzcm-xbxx-wyf9
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-ru3j-21j8-ayhm
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
9
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
2
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ru3j-21j8-ayhm
1
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
3
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dt7-nc8t-nqgh
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-14273, GHSA-43jj-2rwc-2m3f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkex-ht2r-cucz
17
url VCID-n1mj-u4yk-jqhn
vulnerability_id VCID-n1mj-u4yk-jqhn
summary 
silverstripe/framework vulnerable to Cross-site Scripting In `OptionsetField` and `CheckboxSetField`
List of key / value pairs assigned to `OptionsetField` or `CheckboxSetField` do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-015-1.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-015-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/049cdefacfd3122d59d5488c1317f999fe8aacc4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/049cdefacfd3122d59d5488c1317f999fe8aacc4
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/12a6b357e761f09d818fd0013eb2d85014de79a0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/12a6b357e761f09d818fd0013eb2d85014de79a0
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/62a242154ec3508fe9b174a40713c8520ac1684c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/62a242154ec3508fe9b174a40713c8520ac1684c
5
reference_url https://github.com/silverstripe/silverstripe-framework/commit/b0ba2015d9684ee7b124dafcf6b59b046e20f8ed
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/b0ba2015d9684ee7b124dafcf6b59b046e20f8ed
6
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-015
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2016-015
7
reference_url https://github.com/advisories/GHSA-468j-6jrc-2rjx
reference_id GHSA-468j-6jrc-2rjx
reference_type
scores
url https://github.com/advisories/GHSA-468j-6jrc-2rjx
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
aliases GHSA-468j-6jrc-2rjx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n1mj-u4yk-jqhn
18
url VCID-nute-ndg2-z7ev
vulnerability_id VCID-nute-ndg2-z7ev
summary 
Cross-site Scripting
SilverStripe has Flash Clipboard Reflected XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12205
reference_id
reference_type
scores
0
value 0.00378
scoring_system epss
scoring_elements 0.59631
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12205
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml
3
reference_url https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e
4
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
5
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12205
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12205
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12205
reference_id CVE-2019-12205
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12205
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12205
reference_id CVE-2019-12205
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12205
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nzcm-xbxx-wyf9
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.3.5
purl pkg:composer/silverstripe/framework@4.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ru3j-21j8-ayhm
1
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5
2
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dt7-nc8t-nqgh
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12205, GHSA-rfvw-5848-gxc5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nute-ndg2-z7ev
19
url VCID-qdwg-f2bx-1bay
vulnerability_id VCID-qdwg-f2bx-1bay
summary 
Injection Vulnerability
In the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18049
reference_id
reference_type
scores
0
value 0.00212
scoring_system epss
scoring_elements 0.43711
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18049
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://www.exploit-db.com/exploits/43396
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/43396
3
reference_url https://www.exploit-db.com/exploits/43396/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/43396/
4
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-007
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2017-007
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-18049
reference_id CVE-2017-18049
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-18049
fixed_packages
0
url pkg:composer/silverstripe/framework@3.5.6-rc1
purl pkg:composer/silverstripe/framework@3.5.6-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-r1eg-dwej-5kau
7
vulnerability VCID-umhc-fdfh-1fdx
8
vulnerability VCID-xg74-3h1h-kqaf
9
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1
1
url pkg:composer/silverstripe/framework@3.5.6
purl pkg:composer/silverstripe/framework@3.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-r1eg-dwej-5kau
7
vulnerability VCID-umhc-fdfh-1fdx
8
vulnerability VCID-xg74-3h1h-kqaf
9
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6
2
url pkg:composer/silverstripe/framework@3.6.3-rc2
purl pkg:composer/silverstripe/framework@3.6.3-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-r1eg-dwej-5kau
7
vulnerability VCID-umhc-fdfh-1fdx
8
vulnerability VCID-xg74-3h1h-kqaf
9
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2
3
url pkg:composer/silverstripe/framework@3.6.3
purl pkg:composer/silverstripe/framework@3.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-7hxq-cp29-r7dh
2
vulnerability VCID-b6nm-cphj-wfgw
3
vulnerability VCID-cmwn-cjff-9qau
4
vulnerability VCID-mkex-ht2r-cucz
5
vulnerability VCID-nute-ndg2-z7ev
6
vulnerability VCID-r1eg-dwej-5kau
7
vulnerability VCID-umhc-fdfh-1fdx
8
vulnerability VCID-xg74-3h1h-kqaf
9
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3
4
url pkg:composer/silverstripe/framework@4.0.1-rc1
purl pkg:composer/silverstripe/framework@4.0.1-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-nute-ndg2-z7ev
4
vulnerability VCID-nzcm-xbxx-wyf9
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-ru3j-21j8-ayhm
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
9
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1
5
url pkg:composer/silverstripe/framework@4.0.1
purl pkg:composer/silverstripe/framework@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-nute-ndg2-z7ev
4
vulnerability VCID-nzcm-xbxx-wyf9
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-ru3j-21j8-ayhm
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
9
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1
aliases CVE-2017-18049, GHSA-2jvj-mhf2-g99w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdwg-f2bx-1bay
20
url VCID-r1eg-dwej-5kau
vulnerability_id VCID-r1eg-dwej-5kau
summary 
Cross-Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12437
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.41982
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12437
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml
3
reference_url https://github.com/silverstripe/silverstripe-graphql
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql
4
reference_url https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c
5
reference_url https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff
6
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
url https://www.silverstripe.org/blog/tag/release
7
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12437
reference_id CVE-2019-12437
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12437
9
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12437
reference_id CVE-2019-12437
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12437
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nzcm-xbxx-wyf9
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
aliases CVE-2019-12437, GHSA-fx37-56v6-85q6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1eg-dwej-5kau
21
url VCID-t81f-5b8z-hyht
vulnerability_id VCID-t81f-5b8z-hyht
summary 
XSS In page name
SilverStripe is vulnerable to XSS via the page name. For instance, page name `"><svg/onload=alert(/xss/)>` will trigger an XSS alert.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d
1
reference_url https://www.silverstripe.org/download/security-releases/ss-2017-001/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2017-001/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.4.4-rc1
purl pkg:composer/silverstripe/framework@3.4.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-qdwg-f2bx-1bay
9
vulnerability VCID-r1eg-dwej-5kau
10
vulnerability VCID-umhc-fdfh-1fdx
11
vulnerability VCID-xg74-3h1h-kqaf
12
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1
1
url pkg:composer/silverstripe/framework@3.5.2-rc1
purl pkg:composer/silverstripe/framework@3.5.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-3x46-q9cb-7ubg
2
vulnerability VCID-7hxq-cp29-r7dh
3
vulnerability VCID-b6nm-cphj-wfgw
4
vulnerability VCID-b95v-49p7-fkas
5
vulnerability VCID-cmwn-cjff-9qau
6
vulnerability VCID-mkex-ht2r-cucz
7
vulnerability VCID-nute-ndg2-z7ev
8
vulnerability VCID-qdwg-f2bx-1bay
9
vulnerability VCID-r1eg-dwej-5kau
10
vulnerability VCID-umhc-fdfh-1fdx
11
vulnerability VCID-xg74-3h1h-kqaf
12
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1
aliases SS-2017-001
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t81f-5b8z-hyht
22
url VCID-umhc-fdfh-1fdx
vulnerability_id VCID-umhc-fdfh-1fdx
summary 
Cross-site Scripting
In SilverStripe, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9311
reference_id
reference_type
scores
0
value 0.00343
scoring_system epss
scoring_elements 0.57155
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9311
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml
2
reference_url https://github.com/silverstripe/silverstripe-cms
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-cms
3
reference_url https://www.silverstripe.org/download/security-releases/cve-2020-9311
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2020-9311
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9311
reference_id CVE-2020-9311
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9311
5
reference_url https://www.silverstripe.org/download/security-releases/CVE-2020-9311
reference_id CVE-2020-9311
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2020-9311
fixed_packages
0
url pkg:composer/silverstripe/framework@3.7.5
purl pkg:composer/silverstripe/framework@3.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5
aliases CVE-2020-9311, GHSA-2pw2-qpcp-m47x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-umhc-fdfh-1fdx
23
url VCID-vatg-guxu-2ud7
vulnerability_id VCID-vatg-guxu-2ud7
summary 
silverstripe/framework missing ACL on reports
The SS_Report, and the reports CMS section only checks `canView()` when listing the reports that can be viewed by the current user.

It does not (and should) perform `canView` checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-012-1.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-012-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-012
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2016-012
3
reference_url https://github.com/advisories/GHSA-52cx-hpc5-cxwc
reference_id GHSA-52cx-hpc5-cxwc
reference_type
scores
url https://github.com/advisories/GHSA-52cx-hpc5-cxwc
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
aliases GHSA-52cx-hpc5-cxwc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vatg-guxu-2ud7
24
url VCID-xg74-3h1h-kqaf
vulnerability_id VCID-xg74-3h1h-kqaf
summary 
Uncontrolled Resource Consumption
SilverStripe allows a Denial of Service on flush and development URL tools.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12246
reference_id
reference_type
scores
0
value 0.00156
scoring_system epss
scoring_elements 0.35994
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12246
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml
3
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab
5
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/blog/tag/release
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12246
reference_id CVE-2019-12246
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12246
8
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12246
reference_id CVE-2019-12246
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12246
fixed_packages
0
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nzcm-xbxx-wyf9
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
1
url pkg:composer/silverstripe/framework@4.4.0
purl pkg:composer/silverstripe/framework@4.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dt7-nc8t-nqgh
1
vulnerability VCID-nzcm-xbxx-wyf9
2
vulnerability VCID-ru3j-21j8-ayhm
3
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0
aliases CVE-2019-12246, GHSA-5fr8-xhqq-4p3q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xg74-3h1h-kqaf
25
url VCID-y6gd-vy49-17b4
vulnerability_id VCID-y6gd-vy49-17b4
summary 
silverstripe/framework password encryption salt not updated
When a user changes their password, the internal salt used for hashing their password is not updated.

Although this is not considered a security vulnerability, this behaviour has been improved to ensure the salt is reset on change of password.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-008-1.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-008-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
2
reference_url https://github.com/silverstripe/silverstripe-framework/commit/08384bb4d6b98c44388ffb4727c317ed14fe3c81
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/08384bb4d6b98c44388ffb4727c317ed14fe3c81
3
reference_url https://github.com/silverstripe/silverstripe-framework/commit/298f61521c55b07e5c898a92264dbe111735a87a
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/298f61521c55b07e5c898a92264dbe111735a87a
4
reference_url https://github.com/silverstripe/silverstripe-framework/commit/dc47f7ec9adf67a3f31887467de5b110e8e5b285
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/dc47f7ec9adf67a3f31887467de5b110e8e5b285
5
reference_url https://github.com/silverstripe/silverstripe-framework/commit/f85dea2e6d5b303abd43b5e5efc07c66c8d2acf4
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/commit/f85dea2e6d5b303abd43b5e5efc07c66c8d2acf4
6
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-008
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2016-008
7
reference_url https://github.com/advisories/GHSA-f3wp-xpv2-6vmg
reference_id GHSA-f3wp-xpv2-6vmg
reference_type
scores
url https://github.com/advisories/GHSA-f3wp-xpv2-6vmg
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
aliases GHSA-f3wp-xpv2-6vmg
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y6gd-vy49-17b4
26
url VCID-y8et-m846-2fc6
vulnerability_id VCID-y8et-m846-2fc6
summary 
Information Exposure
SilverStripe has incorrect access control for protected files uploaded via `Upload::loadIntoFile()`. An attacker may be able to guess a filename in `silverstripe/assets` via the `AssetControlExtension`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12245
reference_id
reference_type
scores
0
value 0.00255
scoring_system epss
scoring_elements 0.49005
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12245
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
3
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
4
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12245
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12245
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12245
reference_id CVE-2019-12245
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12245
6
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12245/
reference_id CVE-2019-12245
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-12245/
7
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12245
reference_id CVE-2019-12245
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12245
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml
reference_id CVE-2019-12245.YAML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml
9
reference_url https://github.com/advisories/GHSA-jvx5-rm6q-gx7p
reference_id GHSA-jvx5-rm6q-gx7p
reference_type
scores
url https://github.com/advisories/GHSA-jvx5-rm6q-gx7p
fixed_packages
0
url pkg:composer/silverstripe/framework@3.6.8
purl pkg:composer/silverstripe/framework@3.6.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-umhc-fdfh-1fdx
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8
1
url pkg:composer/silverstripe/framework@3.7.4
purl pkg:composer/silverstripe/framework@3.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-umhc-fdfh-1fdx
7
vulnerability VCID-xg74-3h1h-kqaf
8
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4
2
url pkg:composer/silverstripe/framework@4.3.4
purl pkg:composer/silverstripe/framework@4.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nzcm-xbxx-wyf9
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4
3
url pkg:composer/silverstripe/framework@4.3.6
purl pkg:composer/silverstripe/framework@4.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6
4
url pkg:composer/silverstripe/framework@4.4.4
purl pkg:composer/silverstripe/framework@4.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5dt7-nc8t-nqgh
1
vulnerability VCID-ru3j-21j8-ayhm
2
vulnerability VCID-ytbc-8mhd-b3fc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4
aliases CVE-2019-12245, GHSA-jvx5-rm6q-gx7p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8et-m846-2fc6
27
url VCID-z28b-1yrx-1bbn
vulnerability_id VCID-z28b-1yrx-1bbn
summary 
Password encryption salt expiry
When a user changes their password, the internal salt used for hashing their password is not updated.
references
0
reference_url https://www.silverstripe.org/download/security-releases/ss-2016-008/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/ss-2016-008/
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.20
purl pkg:composer/silverstripe/framework@3.1.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20
1
url pkg:composer/silverstripe/framework@3.2.5
purl pkg:composer/silverstripe/framework@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5
2
url pkg:composer/silverstripe/framework@3.3.3
purl pkg:composer/silverstripe/framework@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3
3
url pkg:composer/silverstripe/framework@3.4.1
purl pkg:composer/silverstripe/framework@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7hxq-cp29-r7dh
4
vulnerability VCID-b6nm-cphj-wfgw
5
vulnerability VCID-b95v-49p7-fkas
6
vulnerability VCID-c6bz-jwhm-vkgp
7
vulnerability VCID-cmwn-cjff-9qau
8
vulnerability VCID-hnme-cqff-c7dp
9
vulnerability VCID-mkex-ht2r-cucz
10
vulnerability VCID-nute-ndg2-z7ev
11
vulnerability VCID-qdwg-f2bx-1bay
12
vulnerability VCID-r1eg-dwej-5kau
13
vulnerability VCID-t81f-5b8z-hyht
14
vulnerability VCID-umhc-fdfh-1fdx
15
vulnerability VCID-xg74-3h1h-kqaf
16
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1
4
url pkg:composer/silverstripe/framework@4.0.0-alpha1
purl pkg:composer/silverstripe/framework@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7hxq-cp29-r7dh
1
vulnerability VCID-b6nm-cphj-wfgw
2
vulnerability VCID-cmwn-cjff-9qau
3
vulnerability VCID-mkex-ht2r-cucz
4
vulnerability VCID-nute-ndg2-z7ev
5
vulnerability VCID-r1eg-dwej-5kau
6
vulnerability VCID-xg74-3h1h-kqaf
7
vulnerability VCID-y8et-m846-2fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1
aliases SS-2016-008
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z28b-1yrx-1bbn
Fixing_vulnerabilities
0
url VCID-1uhv-fetz-j7fd
vulnerability_id VCID-1uhv-fetz-j7fd
summary 
XSS in CMSController BackURL
A XSS risk exists in the returnURL parameter passed to CMSSecurity/success. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893
1
reference_url http://www.silverstripe.org/download/security-releases/ss-2016-001
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2016-001
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-7jm4-cjg3-rkcz
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-czh2-w6fk-xqd6
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n1mj-u4yk-jqhn
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-r1eg-dwej-5kau
21
vulnerability VCID-t81f-5b8z-hyht
22
vulnerability VCID-umhc-fdfh-1fdx
23
vulnerability VCID-vatg-guxu-2ud7
24
vulnerability VCID-xg74-3h1h-kqaf
25
vulnerability VCID-y6gd-vy49-17b4
26
vulnerability VCID-y8et-m846-2fc6
27
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-4h4a-xgrk-d7ec
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-7jm4-cjg3-rkcz
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-czh2-w6fk-xqd6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hnme-cqff-c7dp
17
vulnerability VCID-mkex-ht2r-cucz
18
vulnerability VCID-n1mj-u4yk-jqhn
19
vulnerability VCID-nute-ndg2-z7ev
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-r1eg-dwej-5kau
22
vulnerability VCID-t81f-5b8z-hyht
23
vulnerability VCID-umhc-fdfh-1fdx
24
vulnerability VCID-vatg-guxu-2ud7
25
vulnerability VCID-xg74-3h1h-kqaf
26
vulnerability VCID-y6gd-vy49-17b4
27
vulnerability VCID-y8et-m846-2fc6
28
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-at1s-qxsg-5yfs
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-czh2-w6fk-xqd6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-gkkp-9fm7-jfaz
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n1mj-u4yk-jqhn
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-qdwg-f2bx-1bay
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-t81f-5b8z-hyht
24
vulnerability VCID-umhc-fdfh-1fdx
25
vulnerability VCID-vatg-guxu-2ud7
26
vulnerability VCID-xg74-3h1h-kqaf
27
vulnerability VCID-y6gd-vy49-17b4
28
vulnerability VCID-y8et-m846-2fc6
29
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-f4hv-79km-3ygt
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-qdwg-f2bx-1bay
19
vulnerability VCID-r1eg-dwej-5kau
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-xg74-3h1h-kqaf
23
vulnerability VCID-y8et-m846-2fc6
24
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2016-001
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1uhv-fetz-j7fd
1
url VCID-evh4-xq48-4fa6
vulnerability_id VCID-evh4-xq48-4fa6
summary 
Brute force bypass on default admin
Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2
1
reference_url http://www.silverstripe.org/download/security-releases/ss-2016-005
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2016-005
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-7jm4-cjg3-rkcz
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-czh2-w6fk-xqd6
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n1mj-u4yk-jqhn
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-r1eg-dwej-5kau
21
vulnerability VCID-t81f-5b8z-hyht
22
vulnerability VCID-umhc-fdfh-1fdx
23
vulnerability VCID-vatg-guxu-2ud7
24
vulnerability VCID-xg74-3h1h-kqaf
25
vulnerability VCID-y6gd-vy49-17b4
26
vulnerability VCID-y8et-m846-2fc6
27
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-4h4a-xgrk-d7ec
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-7jm4-cjg3-rkcz
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-czh2-w6fk-xqd6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hnme-cqff-c7dp
17
vulnerability VCID-mkex-ht2r-cucz
18
vulnerability VCID-n1mj-u4yk-jqhn
19
vulnerability VCID-nute-ndg2-z7ev
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-r1eg-dwej-5kau
22
vulnerability VCID-t81f-5b8z-hyht
23
vulnerability VCID-umhc-fdfh-1fdx
24
vulnerability VCID-vatg-guxu-2ud7
25
vulnerability VCID-xg74-3h1h-kqaf
26
vulnerability VCID-y6gd-vy49-17b4
27
vulnerability VCID-y8et-m846-2fc6
28
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-at1s-qxsg-5yfs
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-czh2-w6fk-xqd6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-gkkp-9fm7-jfaz
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n1mj-u4yk-jqhn
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-qdwg-f2bx-1bay
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-t81f-5b8z-hyht
24
vulnerability VCID-umhc-fdfh-1fdx
25
vulnerability VCID-vatg-guxu-2ud7
26
vulnerability VCID-xg74-3h1h-kqaf
27
vulnerability VCID-y6gd-vy49-17b4
28
vulnerability VCID-y8et-m846-2fc6
29
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-f4hv-79km-3ygt
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-qdwg-f2bx-1bay
19
vulnerability VCID-r1eg-dwej-5kau
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-xg74-3h1h-kqaf
23
vulnerability VCID-y8et-m846-2fc6
24
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2016-005
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-evh4-xq48-4fa6
2
url VCID-ggbg-8mtc-hudc
vulnerability_id VCID-ggbg-8mtc-hudc
summary 
XSS in CMS Edit Page
Due to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an attack.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770
1
reference_url http://www.silverstripe.org/download/security-releases/ss-2016-004
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2016-004
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-7jm4-cjg3-rkcz
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-czh2-w6fk-xqd6
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n1mj-u4yk-jqhn
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-r1eg-dwej-5kau
21
vulnerability VCID-t81f-5b8z-hyht
22
vulnerability VCID-umhc-fdfh-1fdx
23
vulnerability VCID-vatg-guxu-2ud7
24
vulnerability VCID-xg74-3h1h-kqaf
25
vulnerability VCID-y6gd-vy49-17b4
26
vulnerability VCID-y8et-m846-2fc6
27
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-4h4a-xgrk-d7ec
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-7jm4-cjg3-rkcz
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-czh2-w6fk-xqd6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hnme-cqff-c7dp
17
vulnerability VCID-mkex-ht2r-cucz
18
vulnerability VCID-n1mj-u4yk-jqhn
19
vulnerability VCID-nute-ndg2-z7ev
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-r1eg-dwej-5kau
22
vulnerability VCID-t81f-5b8z-hyht
23
vulnerability VCID-umhc-fdfh-1fdx
24
vulnerability VCID-vatg-guxu-2ud7
25
vulnerability VCID-xg74-3h1h-kqaf
26
vulnerability VCID-y6gd-vy49-17b4
27
vulnerability VCID-y8et-m846-2fc6
28
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-at1s-qxsg-5yfs
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-czh2-w6fk-xqd6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-gkkp-9fm7-jfaz
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n1mj-u4yk-jqhn
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-qdwg-f2bx-1bay
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-t81f-5b8z-hyht
24
vulnerability VCID-umhc-fdfh-1fdx
25
vulnerability VCID-vatg-guxu-2ud7
26
vulnerability VCID-xg74-3h1h-kqaf
27
vulnerability VCID-y6gd-vy49-17b4
28
vulnerability VCID-y8et-m846-2fc6
29
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-f4hv-79km-3ygt
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-qdwg-f2bx-1bay
19
vulnerability VCID-r1eg-dwej-5kau
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-xg74-3h1h-kqaf
23
vulnerability VCID-y8et-m846-2fc6
24
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2016-004
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ggbg-8mtc-hudc
3
url VCID-m5rs-qptc-vued
vulnerability_id VCID-m5rs-qptc-vued
summary 
Missing CSRF protection in login form
`LoginForm` calls `disableSecurityToken()`, which causes a "shared host domain" vulnerability.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989
1
reference_url http://stackoverflow.com/a/15350123
reference_id
reference_type
scores
url http://stackoverflow.com/a/15350123
2
reference_url http://www.silverstripe.org/download/security-releases/ss-2016-006
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2016-006
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-7jm4-cjg3-rkcz
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-czh2-w6fk-xqd6
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n1mj-u4yk-jqhn
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-r1eg-dwej-5kau
21
vulnerability VCID-t81f-5b8z-hyht
22
vulnerability VCID-umhc-fdfh-1fdx
23
vulnerability VCID-vatg-guxu-2ud7
24
vulnerability VCID-xg74-3h1h-kqaf
25
vulnerability VCID-y6gd-vy49-17b4
26
vulnerability VCID-y8et-m846-2fc6
27
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-4h4a-xgrk-d7ec
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-7jm4-cjg3-rkcz
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-czh2-w6fk-xqd6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hnme-cqff-c7dp
17
vulnerability VCID-mkex-ht2r-cucz
18
vulnerability VCID-n1mj-u4yk-jqhn
19
vulnerability VCID-nute-ndg2-z7ev
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-r1eg-dwej-5kau
22
vulnerability VCID-t81f-5b8z-hyht
23
vulnerability VCID-umhc-fdfh-1fdx
24
vulnerability VCID-vatg-guxu-2ud7
25
vulnerability VCID-xg74-3h1h-kqaf
26
vulnerability VCID-y6gd-vy49-17b4
27
vulnerability VCID-y8et-m846-2fc6
28
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-at1s-qxsg-5yfs
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-czh2-w6fk-xqd6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-gkkp-9fm7-jfaz
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n1mj-u4yk-jqhn
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-qdwg-f2bx-1bay
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-t81f-5b8z-hyht
24
vulnerability VCID-umhc-fdfh-1fdx
25
vulnerability VCID-vatg-guxu-2ud7
26
vulnerability VCID-xg74-3h1h-kqaf
27
vulnerability VCID-y6gd-vy49-17b4
28
vulnerability VCID-y8et-m846-2fc6
29
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-f4hv-79km-3ygt
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-qdwg-f2bx-1bay
19
vulnerability VCID-r1eg-dwej-5kau
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-xg74-3h1h-kqaf
23
vulnerability VCID-y8et-m846-2fc6
24
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2016-006
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5rs-qptc-vued
4
url VCID-q939-fszs-wfdp
vulnerability_id VCID-q939-fszs-wfdp
summary 
CSRF vulnerability in savetreenodes
`savetreenode` action does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites.
references
0
reference_url https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a
reference_id
reference_type
scores
url https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a
1
reference_url http://www.silverstripe.org/download/security-releases/ss-2015-029
reference_id
reference_type
scores
url http://www.silverstripe.org/download/security-releases/ss-2015-029
fixed_packages
0
url pkg:composer/silverstripe/framework@3.1.19-rc1
purl pkg:composer/silverstripe/framework@3.1.19-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-7jm4-cjg3-rkcz
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-czh2-w6fk-xqd6
13
vulnerability VCID-ewg1-jqza-eyez
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-n1mj-u4yk-jqhn
18
vulnerability VCID-nute-ndg2-z7ev
19
vulnerability VCID-qdwg-f2bx-1bay
20
vulnerability VCID-r1eg-dwej-5kau
21
vulnerability VCID-t81f-5b8z-hyht
22
vulnerability VCID-umhc-fdfh-1fdx
23
vulnerability VCID-vatg-guxu-2ud7
24
vulnerability VCID-xg74-3h1h-kqaf
25
vulnerability VCID-y6gd-vy49-17b4
26
vulnerability VCID-y8et-m846-2fc6
27
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1
1
url pkg:composer/silverstripe/framework@3.1.19
purl pkg:composer/silverstripe/framework@3.1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19
2
url pkg:composer/silverstripe/framework@3.2.4-rc1
purl pkg:composer/silverstripe/framework@3.2.4-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-4h4a-xgrk-d7ec
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-7jm4-cjg3-rkcz
7
vulnerability VCID-at1s-qxsg-5yfs
8
vulnerability VCID-b6nm-cphj-wfgw
9
vulnerability VCID-b95v-49p7-fkas
10
vulnerability VCID-c437-w2zy-y7c9
11
vulnerability VCID-c6bz-jwhm-vkgp
12
vulnerability VCID-cmwn-cjff-9qau
13
vulnerability VCID-czh2-w6fk-xqd6
14
vulnerability VCID-ewg1-jqza-eyez
15
vulnerability VCID-gkkp-9fm7-jfaz
16
vulnerability VCID-hnme-cqff-c7dp
17
vulnerability VCID-mkex-ht2r-cucz
18
vulnerability VCID-n1mj-u4yk-jqhn
19
vulnerability VCID-nute-ndg2-z7ev
20
vulnerability VCID-qdwg-f2bx-1bay
21
vulnerability VCID-r1eg-dwej-5kau
22
vulnerability VCID-t81f-5b8z-hyht
23
vulnerability VCID-umhc-fdfh-1fdx
24
vulnerability VCID-vatg-guxu-2ud7
25
vulnerability VCID-xg74-3h1h-kqaf
26
vulnerability VCID-y6gd-vy49-17b4
27
vulnerability VCID-y8et-m846-2fc6
28
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1
3
url pkg:composer/silverstripe/framework@3.2.4
purl pkg:composer/silverstripe/framework@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3x46-q9cb-7ubg
3
vulnerability VCID-7ek4-6y31-1qcs
4
vulnerability VCID-7hxq-cp29-r7dh
5
vulnerability VCID-at1s-qxsg-5yfs
6
vulnerability VCID-b6nm-cphj-wfgw
7
vulnerability VCID-b95v-49p7-fkas
8
vulnerability VCID-c437-w2zy-y7c9
9
vulnerability VCID-c6bz-jwhm-vkgp
10
vulnerability VCID-cmwn-cjff-9qau
11
vulnerability VCID-ewg1-jqza-eyez
12
vulnerability VCID-gkkp-9fm7-jfaz
13
vulnerability VCID-hnme-cqff-c7dp
14
vulnerability VCID-mkex-ht2r-cucz
15
vulnerability VCID-nute-ndg2-z7ev
16
vulnerability VCID-qdwg-f2bx-1bay
17
vulnerability VCID-r1eg-dwej-5kau
18
vulnerability VCID-t81f-5b8z-hyht
19
vulnerability VCID-umhc-fdfh-1fdx
20
vulnerability VCID-xg74-3h1h-kqaf
21
vulnerability VCID-y8et-m846-2fc6
22
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4
4
url pkg:composer/silverstripe/framework@3.3.2-rc1
purl pkg:composer/silverstripe/framework@3.3.2-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-4h4a-xgrk-d7ec
5
vulnerability VCID-7ek4-6y31-1qcs
6
vulnerability VCID-7hxq-cp29-r7dh
7
vulnerability VCID-7jm4-cjg3-rkcz
8
vulnerability VCID-at1s-qxsg-5yfs
9
vulnerability VCID-b6nm-cphj-wfgw
10
vulnerability VCID-b95v-49p7-fkas
11
vulnerability VCID-c437-w2zy-y7c9
12
vulnerability VCID-c6bz-jwhm-vkgp
13
vulnerability VCID-cmwn-cjff-9qau
14
vulnerability VCID-czh2-w6fk-xqd6
15
vulnerability VCID-ewg1-jqza-eyez
16
vulnerability VCID-gkkp-9fm7-jfaz
17
vulnerability VCID-hnme-cqff-c7dp
18
vulnerability VCID-mkex-ht2r-cucz
19
vulnerability VCID-n1mj-u4yk-jqhn
20
vulnerability VCID-nute-ndg2-z7ev
21
vulnerability VCID-qdwg-f2bx-1bay
22
vulnerability VCID-r1eg-dwej-5kau
23
vulnerability VCID-t81f-5b8z-hyht
24
vulnerability VCID-umhc-fdfh-1fdx
25
vulnerability VCID-vatg-guxu-2ud7
26
vulnerability VCID-xg74-3h1h-kqaf
27
vulnerability VCID-y6gd-vy49-17b4
28
vulnerability VCID-y8et-m846-2fc6
29
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1
5
url pkg:composer/silverstripe/framework@3.3.2
purl pkg:composer/silverstripe/framework@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mmc-91gk-r3d3
1
vulnerability VCID-36z3-nafq-6kez
2
vulnerability VCID-3svb-wudn-aybz
3
vulnerability VCID-3x46-q9cb-7ubg
4
vulnerability VCID-7ek4-6y31-1qcs
5
vulnerability VCID-7hxq-cp29-r7dh
6
vulnerability VCID-at1s-qxsg-5yfs
7
vulnerability VCID-b6nm-cphj-wfgw
8
vulnerability VCID-b95v-49p7-fkas
9
vulnerability VCID-c437-w2zy-y7c9
10
vulnerability VCID-c6bz-jwhm-vkgp
11
vulnerability VCID-cmwn-cjff-9qau
12
vulnerability VCID-ewg1-jqza-eyez
13
vulnerability VCID-f4hv-79km-3ygt
14
vulnerability VCID-gkkp-9fm7-jfaz
15
vulnerability VCID-hnme-cqff-c7dp
16
vulnerability VCID-mkex-ht2r-cucz
17
vulnerability VCID-nute-ndg2-z7ev
18
vulnerability VCID-qdwg-f2bx-1bay
19
vulnerability VCID-r1eg-dwej-5kau
20
vulnerability VCID-t81f-5b8z-hyht
21
vulnerability VCID-umhc-fdfh-1fdx
22
vulnerability VCID-xg74-3h1h-kqaf
23
vulnerability VCID-y8et-m846-2fc6
24
vulnerability VCID-z28b-1yrx-1bbn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2
aliases SS-2015-029
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q939-fszs-wfdp
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1