| 0 |
| url |
VCID-11sx-j3x7-gkcr |
| vulnerability_id |
VCID-11sx-j3x7-gkcr |
| summary |
Reflected Cross Site Scripting (XSS) in error message
If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message. |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-74j9-xhqr-6qv3
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-11sx-j3x7-gkcr |
|
| 1 |
| url |
VCID-1mmc-91gk-r3d3 |
| vulnerability_id |
VCID-1mmc-91gk-r3d3 |
| summary |
SilverStripe allowss Reflected SQL Injection through Form and `DataObject`. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.6.7 |
| purl |
pkg:composer/silverstripe/framework@3.6.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 3 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 4 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 5 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 6 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 7 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 8 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 9 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 10 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 11 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 12 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 13 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 14 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 15 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 16 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 17 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 18 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 19 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 20 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 21 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 22 |
| vulnerability |
VCID-u9e7-1zhg-mygt |
|
| 23 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 24 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 25 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 26 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 27 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 28 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.7.3 |
| purl |
pkg:composer/silverstripe/framework@3.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 3 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 4 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 5 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 6 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 7 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 8 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 9 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 10 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 11 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 12 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 13 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 14 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 15 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 16 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 17 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 18 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 19 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 20 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 21 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 22 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 23 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 24 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 25 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 26 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 27 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.0.7 |
| purl |
pkg:composer/silverstripe/framework@4.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 15 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 16 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 20 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 21 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 22 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 23 |
| vulnerability |
VCID-nzcm-xbxx-wyf9 |
|
| 24 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 25 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 26 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 27 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 28 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 29 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 30 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 31 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 32 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 33 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 34 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 35 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.1.5 |
| purl |
pkg:composer/silverstripe/framework@4.1.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 15 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 16 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 20 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 21 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 22 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 23 |
| vulnerability |
VCID-nzcm-xbxx-wyf9 |
|
| 24 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 25 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 26 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 27 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 28 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 29 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 30 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 31 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 32 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 33 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 34 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 35 |
| vulnerability |
VCID-z94y-nz4f-y7er |
|
| 36 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.2.4 |
| purl |
pkg:composer/silverstripe/framework@4.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 15 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 16 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 20 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 21 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 22 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 23 |
| vulnerability |
VCID-nzcm-xbxx-wyf9 |
|
| 24 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 25 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 26 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 27 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 28 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 29 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 30 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 31 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 32 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 33 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 34 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 35 |
| vulnerability |
VCID-z94y-nz4f-y7er |
|
| 36 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4 |
|
| 5 |
| url |
pkg:composer/silverstripe/framework@4.3.1 |
| purl |
pkg:composer/silverstripe/framework@4.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 15 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 16 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 20 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 21 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 22 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 23 |
| vulnerability |
VCID-nzcm-xbxx-wyf9 |
|
| 24 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 25 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 26 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 27 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 28 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 29 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 30 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 31 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 32 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 33 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 34 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 35 |
| vulnerability |
VCID-z94y-nz4f-y7er |
|
| 36 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1 |
|
|
| aliases |
CVE-2019-5715, GHSA-wvfw-w3x6-g526
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1mmc-91gk-r3d3 |
|
| 2 |
| url |
VCID-1p79-328x-sueq |
| vulnerability_id |
VCID-1p79-328x-sueq |
| summary |
Quadratic blowup in Convert::xml2array()
Silverstripe silverstripe/framework 4.x until 4.10.9 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.10.9 |
| purl |
pkg:composer/silverstripe/framework@4.10.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 2 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 3 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 4 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 5 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 6 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 7 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 8 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 9 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 10 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 11 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 12 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 13 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 14 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 15 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 16 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 17 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.9 |
|
| 1 |
|
|
| aliases |
CVE-2021-41559, GHSA-9fmg-89fx-r33w
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1p79-328x-sueq |
|
| 3 |
| url |
VCID-36z3-nafq-6kez |
| vulnerability_id |
VCID-36z3-nafq-6kez |
| summary |
XSS In CMSSecurity BackURL
In follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.6 |
| purl |
pkg:composer/silverstripe/framework@3.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 7 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 8 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 9 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 10 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 11 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 12 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 13 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 14 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 20 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 21 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 22 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 23 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 24 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 25 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 26 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 27 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 28 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 29 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 30 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 31 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 32 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 33 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 34 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.3.4 |
| purl |
pkg:composer/silverstripe/framework@3.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 7 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 8 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 9 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 10 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 11 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 12 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 13 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 14 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 20 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 21 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 22 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 23 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 24 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 25 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 26 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 27 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 28 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 29 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 30 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 31 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 32 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 33 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 34 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.4.2 |
| purl |
pkg:composer/silverstripe/framework@3.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 6 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 7 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 8 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 9 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 10 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 16 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 17 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 18 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 19 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-njph-ua7r-auaq |
|
| 25 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 26 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 27 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2 |
|
|
| aliases |
SS-2016-016
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-36z3-nafq-6kez |
|
| 4 |
| url |
VCID-3x46-q9cb-7ubg |
| vulnerability_id |
VCID-3x46-q9cb-7ubg |
| summary |
Information Exposure
Response discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.5.5-beta1 |
| purl |
pkg:composer/silverstripe/framework@3.5.5-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-37d1-tt74-yyfm |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 7 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 8 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 9 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 10 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 11 |
| vulnerability |
VCID-aygc-4nhm-n7eq |
|
| 12 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 13 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 14 |
| vulnerability |
VCID-fm87-te3v-pkc8 |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-h1y5-n4b7-ckg6 |
|
| 17 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 18 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 19 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 20 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 21 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 22 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 23 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 24 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 25 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 26 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 27 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 28 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 29 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 30 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 31 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 32 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 33 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
| 34 |
| vulnerability |
VCID-znbg-16r4-6ybg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.5.5 |
| purl |
pkg:composer/silverstripe/framework@3.5.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-37d1-tt74-yyfm |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 7 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 8 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 9 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 10 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 11 |
| vulnerability |
VCID-aygc-4nhm-n7eq |
|
| 12 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 13 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 14 |
| vulnerability |
VCID-fm87-te3v-pkc8 |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 20 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 21 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 22 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 23 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 24 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 25 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 26 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 27 |
| vulnerability |
VCID-u9e7-1zhg-mygt |
|
| 28 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 29 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 30 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 31 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 32 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 33 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
| 34 |
| vulnerability |
VCID-znbg-16r4-6ybg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.6.1-alpha2 |
| purl |
pkg:composer/silverstripe/framework@3.6.1-alpha2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-37d1-tt74-yyfm |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 7 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 8 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 9 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 10 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 11 |
| vulnerability |
VCID-aygc-4nhm-n7eq |
|
| 12 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 13 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 14 |
| vulnerability |
VCID-fm87-te3v-pkc8 |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-h1y5-n4b7-ckg6 |
|
| 17 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 18 |
| vulnerability |
VCID-hq36-9ntc-akez |
|
| 19 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 20 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 21 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 22 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 23 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 24 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 25 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 26 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 27 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 28 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 29 |
| vulnerability |
VCID-u9e7-1zhg-mygt |
|
| 30 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 31 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 32 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 33 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 34 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 35 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
| 36 |
| vulnerability |
VCID-znbg-16r4-6ybg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.6.1 |
| purl |
pkg:composer/silverstripe/framework@3.6.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-37d1-tt74-yyfm |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 7 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 8 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 9 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 10 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 11 |
| vulnerability |
VCID-aygc-4nhm-n7eq |
|
| 12 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 13 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 14 |
| vulnerability |
VCID-fm87-te3v-pkc8 |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-h1y5-n4b7-ckg6 |
|
| 17 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 18 |
| vulnerability |
VCID-hq36-9ntc-akez |
|
| 19 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 20 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 21 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 22 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 23 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 24 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 25 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 26 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 27 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 28 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 29 |
| vulnerability |
VCID-u9e7-1zhg-mygt |
|
| 30 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 31 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 32 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 33 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 34 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 35 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
| 36 |
| vulnerability |
VCID-znbg-16r4-6ybg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1 |
|
|
| aliases |
CVE-2017-12849, GHSA-fwhr-g5r4-xgxf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3x46-q9cb-7ubg |
|
| 5 |
| url |
VCID-4h4a-xgrk-d7ec |
| vulnerability_id |
VCID-4h4a-xgrk-d7ec |
| summary |
silverstripe/framework's `Member.Name` is not escaped
The core template `framework/templates/Includes/GridField_print.ss` uses "Printed by $Member.Name".
If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because Member->getName() just returns the raw FirstName + Surname as a string, which is injected directly. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.5 |
| purl |
pkg:composer/silverstripe/framework@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.3.3 |
| purl |
pkg:composer/silverstripe/framework@3.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.4.1 |
| purl |
pkg:composer/silverstripe/framework@3.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 5 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 6 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 7 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 8 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 9 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 10 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 11 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 12 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 13 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 14 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 15 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 16 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 17 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 18 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 19 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 20 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 21 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 22 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 23 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 24 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 25 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 26 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 27 |
| vulnerability |
VCID-njph-ua7r-auaq |
|
| 28 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 29 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 30 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 31 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 32 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 33 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 34 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 35 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 36 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 37 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 38 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 39 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 40 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 41 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 42 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1 |
|
|
| aliases |
GHSA-r9vp-fp72-xgf7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4h4a-xgrk-d7ec |
|
| 6 |
| url |
VCID-5cfa-whq6-9ucp |
| vulnerability_id |
VCID-5cfa-whq6-9ucp |
| summary |
Silverstripe Framework has a XSS in form messages
In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message.
Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-53277, GHSA-ff6q-3c9c-6cf5
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5cfa-whq6-9ucp |
|
| 7 |
| url |
VCID-79qx-v5uu-jyf2 |
| vulnerability_id |
VCID-79qx-v5uu-jyf2 |
| summary |
Silverstripe Framework has a XSS vulnerability in HTML editor
A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.
The server-side sanitisation logic has been updated to sanitise against this attack. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-30148, GHSA-rhx4-hvx9-j387
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-79qx-v5uu-jyf2 |
|
| 8 |
| url |
VCID-7ek4-6y31-1qcs |
| vulnerability_id |
VCID-7ek4-6y31-1qcs |
| summary |
Pre-existing alc_enc cookies log users in if remember me is disabled
If remember me is on and users log in with the box checked, if the developer then disabled "remember me" function, any pre-existing cookies will continue to authenticate users. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.5 |
| purl |
pkg:composer/silverstripe/framework@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.3.3 |
| purl |
pkg:composer/silverstripe/framework@3.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.4.1 |
| purl |
pkg:composer/silverstripe/framework@3.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 5 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 6 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 7 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 8 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 9 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 10 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 11 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 12 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 13 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 14 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 15 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 16 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 17 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 18 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 19 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 20 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 21 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 22 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 23 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 24 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 25 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 26 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 27 |
| vulnerability |
VCID-njph-ua7r-auaq |
|
| 28 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 29 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 30 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 31 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 32 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 33 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 34 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 35 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 36 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 37 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 38 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 39 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 40 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 41 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 42 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| purl |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 3 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 4 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 5 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 6 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 7 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 8 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 9 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 10 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 11 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 12 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 13 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 14 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 15 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 16 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 17 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 18 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 19 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 20 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 21 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 22 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 23 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 24 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 25 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1 |
|
|
| aliases |
SS-2016-014
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7ek4-6y31-1qcs |
|
| 9 |
| url |
VCID-7hxq-cp29-r7dh |
| vulnerability_id |
VCID-7hxq-cp29-r7dh |
| summary |
Cross-site Scripting
In SilverStripe asset-admin, there is XSS in file titles managed through the CMS. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 4 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 5 |
| vulnerability |
VCID-37d1-tt74-yyfm |
|
| 6 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 7 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 8 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 9 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 10 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 11 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 12 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 13 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 14 |
| vulnerability |
VCID-a1p9-cwzb-kbgb |
|
| 15 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 16 |
| vulnerability |
VCID-aj7q-x4hc-xbdm |
|
| 17 |
| vulnerability |
VCID-aygc-4nhm-n7eq |
|
| 18 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 19 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 20 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 21 |
| vulnerability |
VCID-fm87-te3v-pkc8 |
|
| 22 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 23 |
| vulnerability |
VCID-g7kn-gn2m-myc3 |
|
| 24 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 25 |
| vulnerability |
VCID-h9g1-7wez-8qft |
|
| 26 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 27 |
| vulnerability |
VCID-hq36-9ntc-akez |
|
| 28 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 29 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 30 |
| vulnerability |
VCID-m3us-9sft-wbh8 |
|
| 31 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 32 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 33 |
| vulnerability |
VCID-nzcm-xbxx-wyf9 |
|
| 34 |
| vulnerability |
VCID-p2m9-rejx-e3e9 |
|
| 35 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 36 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 37 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 38 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 39 |
| vulnerability |
VCID-tsdn-bu3d-ubaf |
|
| 40 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 41 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 42 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 43 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 44 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 45 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 46 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 47 |
| vulnerability |
VCID-yxuh-bxh5-z3cw |
|
| 48 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.0.1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 4 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 8 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 9 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 10 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 11 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 12 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 13 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 14 |
| vulnerability |
VCID-aj7q-x4hc-xbdm |
|
| 15 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 16 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 17 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 18 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 19 |
| vulnerability |
VCID-g7kn-gn2m-myc3 |
|
| 20 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 21 |
| vulnerability |
VCID-h9g1-7wez-8qft |
|
| 22 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 23 |
| vulnerability |
VCID-hq36-9ntc-akez |
|
| 24 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 25 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 26 |
| vulnerability |
VCID-m3us-9sft-wbh8 |
|
| 27 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 28 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 29 |
| vulnerability |
VCID-nzcm-xbxx-wyf9 |
|
| 30 |
| vulnerability |
VCID-p2m9-rejx-e3e9 |
|
| 31 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 32 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 33 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 34 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 35 |
| vulnerability |
VCID-tsdn-bu3d-ubaf |
|
| 36 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 37 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 38 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 39 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 40 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 41 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 42 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 43 |
| vulnerability |
VCID-yxuh-bxh5-z3cw |
|
| 44 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 20 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 21 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 22 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 23 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 24 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 25 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 26 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 27 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 28 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-5dt7-nc8t-nqgh |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 8 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 9 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 10 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 11 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 12 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 13 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 14 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 15 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 16 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 17 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 18 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 19 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 20 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 21 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 22 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 23 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 24 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 25 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 26 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 27 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 28 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 29 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-14272, GHSA-jgw2-f5mx-rg7h
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7hxq-cp29-r7dh |
|
| 10 |
| url |
VCID-7jm4-cjg3-rkcz |
| vulnerability_id |
VCID-7jm4-cjg3-rkcz |
| summary |
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
If remember me is on and users log in with the box checked, if the developer then disabled "remember me" function, any pre-existing cookies will continue to authenticate users. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.5 |
| purl |
pkg:composer/silverstripe/framework@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.3.3 |
| purl |
pkg:composer/silverstripe/framework@3.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.4.1 |
| purl |
pkg:composer/silverstripe/framework@3.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 5 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 6 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 7 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 8 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 9 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 10 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 11 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 12 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 13 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 14 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 15 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 16 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 17 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 18 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 19 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 20 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 21 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 22 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 23 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 24 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 25 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 26 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 27 |
| vulnerability |
VCID-njph-ua7r-auaq |
|
| 28 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 29 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 30 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 31 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 32 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 33 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 34 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 35 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 36 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 37 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 38 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 39 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 40 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 41 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 42 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1 |
|
|
| aliases |
GHSA-5r8w-66hq-rc39
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7jm4-cjg3-rkcz |
|
| 11 |
| url |
VCID-86vg-4j71-hkgr |
| vulnerability_id |
VCID-86vg-4j71-hkgr |
| summary |
Silverstripe Framework has a XSS via insert media remote file oembed
When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-47605, GHSA-7cmp-cgg8-4c82
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-86vg-4j71-hkgr |
|
| 12 |
| url |
VCID-8u5c-6vx3-mfcr |
| vulnerability_id |
VCID-8u5c-6vx3-mfcr |
| summary |
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message
> [!IMPORTANT]
> This vulnerability only affects sites which are in the "dev" environment mode. If your production website is in "dev" mode, it has been misconfigured, and you should immediately swap it to "live" mode.
> See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.
If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message. |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-mqf3-qpc3-g26q
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8u5c-6vx3-mfcr |
|
| 13 |
| url |
VCID-9hf4-djcv-67d7 |
| vulnerability_id |
VCID-9hf4-djcv-67d7 |
| summary |
silverstripe/framework ReadOnly transformation for formfields exploitable
Form fields returning isReadonly() as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeField_Readonly. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default.
SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and doesn't overwrite data on form construction.
Readonly and disabled form fields are already filtered out in Form->saveInto(), so maliciously submitted data on these fields doesn't make it into the database unless you are accessing form values directly in your saving logic. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.6 |
| purl |
pkg:composer/silverstripe/framework@3.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 7 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 8 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 9 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 10 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 11 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 12 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 13 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 14 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 20 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 21 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 22 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 23 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 24 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 25 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 26 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 27 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 28 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 29 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 30 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 31 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 32 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 33 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 34 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.3.4 |
| purl |
pkg:composer/silverstripe/framework@3.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 7 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 8 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 9 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 10 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 11 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 12 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 13 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 14 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 20 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 21 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 22 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 23 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 24 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 25 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 26 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 27 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 28 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 29 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 30 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 31 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 32 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 33 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 34 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.4.2 |
| purl |
pkg:composer/silverstripe/framework@3.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 6 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 7 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 8 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 9 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 10 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 16 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 17 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 18 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 19 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-njph-ua7r-auaq |
|
| 25 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 26 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 27 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2 |
|
|
| aliases |
GHSA-97jm-g33h-f46g
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9hf4-djcv-67d7 |
|
| 14 |
| url |
VCID-9y5u-qyzd-3ud9 |
| vulnerability_id |
VCID-9y5u-qyzd-3ud9 |
| summary |
Exposure of Sensitive Information to an Unauthorized Actor
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-48714, GHSA-qm2j-qvq3-j29v
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9y5u-qyzd-3ud9 |
|
| 15 |
| url |
VCID-a7cf-kpzy-xudd |
| vulnerability_id |
VCID-a7cf-kpzy-xudd |
| summary |
URL Redirection to Untrusted Site ('Open Redirect')
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-22729, GHSA-fw84-xgm8-9jmv
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a7cf-kpzy-xudd |
|
| 16 |
| url |
VCID-at1s-qxsg-5yfs |
| vulnerability_id |
VCID-at1s-qxsg-5yfs |
| summary |
XSS In OptionsetField and CheckboxSetField
List of key / value pairs assigned to `OptionsetField` or `CheckboxSetField` do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.5 |
| purl |
pkg:composer/silverstripe/framework@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.3.3 |
| purl |
pkg:composer/silverstripe/framework@3.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.4.1 |
| purl |
pkg:composer/silverstripe/framework@3.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 5 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 6 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 7 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 8 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 9 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 10 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 11 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 12 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 13 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 14 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 15 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 16 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 17 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 18 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 19 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 20 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 21 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 22 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 23 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 24 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 25 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 26 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 27 |
| vulnerability |
VCID-njph-ua7r-auaq |
|
| 28 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 29 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 30 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 31 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 32 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 33 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 34 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 35 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 36 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 37 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 38 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 39 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 40 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 41 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 42 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| purl |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 3 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 4 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 5 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 6 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 7 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 8 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 9 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 10 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 11 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 12 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 13 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 14 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 15 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 16 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 17 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 18 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 19 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 20 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 21 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 22 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 23 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 24 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 25 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1 |
|
|
| aliases |
SS-2016-015
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-at1s-qxsg-5yfs |
|
| 17 |
| url |
VCID-b6nm-cphj-wfgw |
| vulnerability_id |
VCID-b6nm-cphj-wfgw |
| summary |
Improper Privilege Management
In SilverStripe, there is access escalation for CMS users with limited access through permission cache pollution. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 20 |
| vulnerability |
VCID-nzcm-xbxx-wyf9 |
|
| 21 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 22 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 23 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 24 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 25 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 26 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 27 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 28 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 29 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 20 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 21 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 22 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 23 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 24 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 25 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 26 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 27 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 28 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-5dt7-nc8t-nqgh |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 8 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 9 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 10 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 11 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 12 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 13 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 14 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 15 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 16 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 17 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 18 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 19 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 20 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 21 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 22 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 23 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 24 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 25 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 26 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 27 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 28 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 29 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12617, GHSA-6r58-4xgr-gm6m
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b6nm-cphj-wfgw |
|
| 18 |
| url |
VCID-b95v-49p7-fkas |
| vulnerability_id |
VCID-b95v-49p7-fkas |
| summary |
Cross-site Scripting
SilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.6.1-alpha2 |
| purl |
pkg:composer/silverstripe/framework@3.6.1-alpha2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-37d1-tt74-yyfm |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 7 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 8 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 9 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 10 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 11 |
| vulnerability |
VCID-aygc-4nhm-n7eq |
|
| 12 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 13 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 14 |
| vulnerability |
VCID-fm87-te3v-pkc8 |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-h1y5-n4b7-ckg6 |
|
| 17 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 18 |
| vulnerability |
VCID-hq36-9ntc-akez |
|
| 19 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 20 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 21 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 22 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 23 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 24 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 25 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 26 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 27 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 28 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 29 |
| vulnerability |
VCID-u9e7-1zhg-mygt |
|
| 30 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 31 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 32 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 33 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 34 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 35 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
| 36 |
| vulnerability |
VCID-znbg-16r4-6ybg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.6.1 |
| purl |
pkg:composer/silverstripe/framework@3.6.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-37d1-tt74-yyfm |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 7 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 8 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 9 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 10 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 11 |
| vulnerability |
VCID-aygc-4nhm-n7eq |
|
| 12 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 13 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 14 |
| vulnerability |
VCID-fm87-te3v-pkc8 |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-h1y5-n4b7-ckg6 |
|
| 17 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 18 |
| vulnerability |
VCID-hq36-9ntc-akez |
|
| 19 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 20 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 21 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 22 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 23 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 24 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 25 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 26 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 27 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 28 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 29 |
| vulnerability |
VCID-u9e7-1zhg-mygt |
|
| 30 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 31 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 32 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 33 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 34 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 35 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
| 36 |
| vulnerability |
VCID-znbg-16r4-6ybg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1 |
|
|
| aliases |
CVE-2017-14498, GHSA-j696-6m57-mcrv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b95v-49p7-fkas |
|
| 19 |
| url |
VCID-c437-w2zy-y7c9 |
| vulnerability_id |
VCID-c437-w2zy-y7c9 |
| summary |
ChangePasswordForm doesn't check Member::canLogIn()
After performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.5 |
| purl |
pkg:composer/silverstripe/framework@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.3.3 |
| purl |
pkg:composer/silverstripe/framework@3.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3 |
|
| 2 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| purl |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 3 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 4 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 5 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 6 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 7 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 8 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 9 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 10 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 11 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 12 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 13 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 14 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 15 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 16 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 17 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 18 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 19 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 20 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 21 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 22 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 23 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 24 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 25 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1 |
|
|
| aliases |
SS-2016-011
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c437-w2zy-y7c9 |
|
| 20 |
| url |
VCID-c6bz-jwhm-vkgp |
| vulnerability_id |
VCID-c6bz-jwhm-vkgp |
| summary |
Cross-site Scripting
There is an XSS in SilverStripe CMS. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.4.4-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.4.4-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 6 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 7 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 8 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 9 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 10 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 20 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 21 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 22 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 23 |
| vulnerability |
VCID-njph-ua7r-auaq |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 28 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 29 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 30 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 31 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 32 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 33 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 34 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 35 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 36 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.4.4 |
| purl |
pkg:composer/silverstripe/framework@3.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 6 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 7 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 8 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 9 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 10 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 20 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 21 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 22 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 23 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 24 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 25 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 26 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 27 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 28 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 29 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 30 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 31 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 32 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 33 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 34 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 35 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.5.2-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.5.2-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-37d1-tt74-yyfm |
|
| 4 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 5 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 6 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 7 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 8 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 9 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 10 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 11 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 12 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 13 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 14 |
| vulnerability |
VCID-aygc-4nhm-n7eq |
|
| 15 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 16 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 17 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 18 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 19 |
| vulnerability |
VCID-fm87-te3v-pkc8 |
|
| 20 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 21 |
| vulnerability |
VCID-h1y5-n4b7-ckg6 |
|
| 22 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 23 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 24 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 25 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 26 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 27 |
| vulnerability |
VCID-njph-ua7r-auaq |
|
| 28 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 29 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 30 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 31 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 32 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 33 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 34 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 35 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 36 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 37 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 38 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 39 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 40 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
| 41 |
| vulnerability |
VCID-znbg-16r4-6ybg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.5.2 |
| purl |
pkg:composer/silverstripe/framework@3.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-37d1-tt74-yyfm |
|
| 4 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 5 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 6 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 7 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 8 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 9 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 10 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 11 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 12 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 13 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 14 |
| vulnerability |
VCID-aygc-4nhm-n7eq |
|
| 15 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 16 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 17 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 18 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 19 |
| vulnerability |
VCID-fm87-te3v-pkc8 |
|
| 20 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 21 |
| vulnerability |
VCID-h1y5-n4b7-ckg6 |
|
| 22 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 23 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 24 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 25 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 26 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 27 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 28 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 29 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 30 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 31 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
| 39 |
| vulnerability |
VCID-znbg-16r4-6ybg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2 |
|
|
| aliases |
CVE-2017-5197, GHSA-xmjh-wjc5-wg4h
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c6bz-jwhm-vkgp |
|
| 21 |
| url |
VCID-cmwn-cjff-9qau |
| vulnerability_id |
VCID-cmwn-cjff-9qau |
| summary |
Session Fixation
SilverStripe allows session fixation in the "change password" form. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.6.8 |
| purl |
pkg:composer/silverstripe/framework@3.6.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 3 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 4 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 5 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 6 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 7 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 8 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 9 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 10 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 11 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 12 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 13 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 14 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 15 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 16 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 17 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 18 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 19 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 20 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 21 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 22 |
| vulnerability |
VCID-u9e7-1zhg-mygt |
|
| 23 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 24 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 25 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 26 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 27 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 28 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.7.4 |
| purl |
pkg:composer/silverstripe/framework@3.7.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 3 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 4 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 5 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 6 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 7 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 8 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 9 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 10 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 11 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 12 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 13 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 14 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 15 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 16 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 17 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 18 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 19 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 20 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 21 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 22 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 23 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 24 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 25 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 26 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 27 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 20 |
| vulnerability |
VCID-nzcm-xbxx-wyf9 |
|
| 21 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 22 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 23 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 24 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 25 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 26 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 27 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 28 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 29 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 20 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 21 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 22 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 23 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 24 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 25 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 26 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 27 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 28 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-5dt7-nc8t-nqgh |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 8 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 9 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 10 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 11 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 12 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 13 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 14 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 15 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 16 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 17 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 18 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 19 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 20 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 21 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 22 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 23 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 24 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 25 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 26 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 27 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 28 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 29 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12203, GHSA-w7r7-r8r9-vrg2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cmwn-cjff-9qau |
|
| 22 |
| url |
VCID-czh2-w6fk-xqd6 |
| vulnerability_id |
VCID-czh2-w6fk-xqd6 |
| summary |
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
After performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.5 |
| purl |
pkg:composer/silverstripe/framework@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.3.3 |
| purl |
pkg:composer/silverstripe/framework@3.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.4.1 |
| purl |
pkg:composer/silverstripe/framework@3.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 5 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 6 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 7 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 8 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 9 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 10 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 11 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 12 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 13 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 14 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 15 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 16 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 17 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 18 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 19 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 20 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 21 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 22 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 23 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 24 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 25 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 26 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 27 |
| vulnerability |
VCID-njph-ua7r-auaq |
|
| 28 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 29 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 30 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 31 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 32 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 33 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 34 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 35 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 36 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 37 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 38 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 39 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 40 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 41 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 42 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1 |
|
|
| aliases |
GHSA-p5h2-vr99-xm99
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-czh2-w6fk-xqd6 |
|
| 23 |
| url |
VCID-ewg1-jqza-eyez |
| vulnerability_id |
VCID-ewg1-jqza-eyez |
| summary |
Member.Name isn't escaped
The core template `framework/templates/Includes/GridField_print.ss` uses "Printed by $Member.Name". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because `Member->getName()` just returns the raw `FirstName + Surname` as a string, which is injected directly. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.5 |
| purl |
pkg:composer/silverstripe/framework@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.3.3 |
| purl |
pkg:composer/silverstripe/framework@3.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.4.1 |
| purl |
pkg:composer/silverstripe/framework@3.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 5 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 6 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 7 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 8 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 9 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 10 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 11 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 12 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 13 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 14 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 15 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 16 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 17 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 18 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 19 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 20 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 21 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 22 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 23 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 24 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 25 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 26 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 27 |
| vulnerability |
VCID-njph-ua7r-auaq |
|
| 28 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 29 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 30 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 31 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 32 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 33 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 34 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 35 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 36 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 37 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 38 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 39 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 40 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 41 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 42 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| purl |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 3 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 4 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 5 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 6 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 7 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 8 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 9 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 10 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 11 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 12 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 13 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 14 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 15 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 16 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 17 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 18 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 19 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 20 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 21 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 22 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 23 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 24 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 25 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1 |
|
|
| aliases |
SS-2016-013
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ewg1-jqza-eyez |
|
| 24 |
| url |
VCID-gkkp-9fm7-jfaz |
| vulnerability_id |
VCID-gkkp-9fm7-jfaz |
| summary |
Missing ACL on reports
The `SS_Report`, and the reports CMS section only checks `canView()` when listing the reports that can be viewed by the current user. It does not (and should) perform `canView` checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.5 |
| purl |
pkg:composer/silverstripe/framework@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.3.3 |
| purl |
pkg:composer/silverstripe/framework@3.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.4.1 |
| purl |
pkg:composer/silverstripe/framework@3.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 5 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 6 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 7 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 8 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 9 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 10 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 11 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 12 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 13 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 14 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 15 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 16 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 17 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 18 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 19 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 20 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 21 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 22 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 23 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 24 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 25 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 26 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 27 |
| vulnerability |
VCID-njph-ua7r-auaq |
|
| 28 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 29 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 30 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 31 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 32 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 33 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 34 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 35 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 36 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 37 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 38 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 39 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 40 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 41 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 42 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| purl |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 3 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 4 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 5 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 6 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 7 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 8 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 9 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 10 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 11 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 12 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 13 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 14 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 15 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 16 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 17 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 18 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 19 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 20 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 21 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 22 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 23 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 24 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 25 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1 |
|
|
| aliases |
SS-2016-012
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gkkp-9fm7-jfaz |
|
| 25 |
| url |
VCID-gnpw-s9hp-wqfs |
| vulnerability_id |
VCID-gnpw-s9hp-wqfs |
| summary |
Improper Input Validation
Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-32302, GHSA-36xx-7vf6-7mv3
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gnpw-s9hp-wqfs |
|
| 26 |
| url |
VCID-hcuz-gz3w-97ew |
| vulnerability_id |
VCID-hcuz-gz3w-97ew |
| summary |
Business Logic Errors in GitHub repository silverstripe/silverstripe-framework |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.10.1 |
| purl |
pkg:composer/silverstripe/framework@4.10.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 17 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 18 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 19 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 20 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.1 |
|
|
| aliases |
CVE-2022-0227, GHSA-32m2-9f76-4gv8
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hcuz-gz3w-97ew |
|
| 27 |
| url |
VCID-hnme-cqff-c7dp |
| vulnerability_id |
VCID-hnme-cqff-c7dp |
| summary |
ReadOnly transformation for formfields exploitable
Form fields returning `isReadonly()` as true are vulnerable to reflected XSS injections. This includes `ReadonlyField`, `LookupField`, `HTMLReadonlyField`, as well as special purpose fields like `TimeField_Readonly`. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and does not overwrite data on form construction. Readonly and disabled form fields are already filtered out in `saveInto()`, so maliciously submitted data on these fields does not make it into the database unless you are accessing form values directly in your saving logic. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.6 |
| purl |
pkg:composer/silverstripe/framework@3.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 7 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 8 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 9 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 10 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 11 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 12 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 13 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 14 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 20 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 21 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 22 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 23 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 24 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 25 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 26 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 27 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 28 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 29 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 30 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 31 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 32 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 33 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 34 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.3.4 |
| purl |
pkg:composer/silverstripe/framework@3.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 7 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 8 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 9 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 10 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 11 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 12 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 13 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 14 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 20 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 21 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 22 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 23 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 24 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 25 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 26 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 27 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 28 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 29 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 30 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 31 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 32 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 33 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 34 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.4.2 |
| purl |
pkg:composer/silverstripe/framework@3.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 6 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 7 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 8 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 9 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 10 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 16 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 17 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 18 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 19 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-njph-ua7r-auaq |
|
| 25 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 26 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 27 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2 |
|
|
| aliases |
SS-2016-010
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hnme-cqff-c7dp |
|
| 28 |
| url |
VCID-k46z-g6jp-57ek |
| vulnerability_id |
VCID-k46z-g6jp-57ek |
| summary |
Silverstripe uses TinyMCE which allows svg files linked in object tags
TinyMCE v6 has a configuration value `convert_unsafe_embeds` set to `false` which allows svg files containing javascript to be used in `<object>` or `<embed>` tags, which can be used as a vector for XSS attacks.
Note that `<embed>` tags are not allowed by default.
After patching the default value of `convert_unsafe_embeds` will be set to `true`. This means that `<object>` tags will be converted to iframes instead the next time the page is saved, which may break any pages that rely upon previously saved `<object>` tags. Developers can override this configuration if desired to revert to the original behaviour.
We reviewed the potential impact of this vulnerability within the context of Silverstripe CMS. We concluded this is a medium impact vulnerability given how TinyMCE is used by Silverstripe CMS. |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-52cw-pvq9-9m5v
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k46z-g6jp-57ek |
|
| 29 |
| url |
VCID-ky21-z2d2-sye6 |
| vulnerability_id |
VCID-ky21-z2d2-sye6 |
| summary |
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload
A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.
The server-side sanitisation logic has been updated to sanitise against this type of attack. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-32981, GHSA-chx7-9x8h-r5mg
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ky21-z2d2-sye6 |
|
| 30 |
| url |
VCID-mkex-ht2r-cucz |
| vulnerability_id |
VCID-mkex-ht2r-cucz |
| summary |
Files or Directories Accessible to External Parties
In SilverStripe, there is broken access control on files. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 4 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 5 |
| vulnerability |
VCID-37d1-tt74-yyfm |
|
| 6 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 7 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 8 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 9 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 10 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 11 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 12 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 13 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 14 |
| vulnerability |
VCID-a1p9-cwzb-kbgb |
|
| 15 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 16 |
| vulnerability |
VCID-aj7q-x4hc-xbdm |
|
| 17 |
| vulnerability |
VCID-aygc-4nhm-n7eq |
|
| 18 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 19 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 20 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 21 |
| vulnerability |
VCID-fm87-te3v-pkc8 |
|
| 22 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 23 |
| vulnerability |
VCID-g7kn-gn2m-myc3 |
|
| 24 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 25 |
| vulnerability |
VCID-h9g1-7wez-8qft |
|
| 26 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 27 |
| vulnerability |
VCID-hq36-9ntc-akez |
|
| 28 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 29 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 30 |
| vulnerability |
VCID-m3us-9sft-wbh8 |
|
| 31 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 32 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 33 |
| vulnerability |
VCID-nzcm-xbxx-wyf9 |
|
| 34 |
| vulnerability |
VCID-p2m9-rejx-e3e9 |
|
| 35 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 36 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 37 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 38 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 39 |
| vulnerability |
VCID-tsdn-bu3d-ubaf |
|
| 40 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 41 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 42 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 43 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 44 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 45 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 46 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 47 |
| vulnerability |
VCID-yxuh-bxh5-z3cw |
|
| 48 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.0.1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 4 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 8 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 9 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 10 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 11 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 12 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 13 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 14 |
| vulnerability |
VCID-aj7q-x4hc-xbdm |
|
| 15 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 16 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 17 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 18 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 19 |
| vulnerability |
VCID-g7kn-gn2m-myc3 |
|
| 20 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 21 |
| vulnerability |
VCID-h9g1-7wez-8qft |
|
| 22 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 23 |
| vulnerability |
VCID-hq36-9ntc-akez |
|
| 24 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 25 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 26 |
| vulnerability |
VCID-m3us-9sft-wbh8 |
|
| 27 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 28 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 29 |
| vulnerability |
VCID-nzcm-xbxx-wyf9 |
|
| 30 |
| vulnerability |
VCID-p2m9-rejx-e3e9 |
|
| 31 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 32 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 33 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 34 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 35 |
| vulnerability |
VCID-tsdn-bu3d-ubaf |
|
| 36 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 37 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 38 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 39 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 40 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 41 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 42 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 43 |
| vulnerability |
VCID-yxuh-bxh5-z3cw |
|
| 44 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 20 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 21 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 22 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 23 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 24 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 25 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 26 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 27 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 28 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-5dt7-nc8t-nqgh |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 8 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 9 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 10 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 11 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 12 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 13 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 14 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 15 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 16 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 17 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 18 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 19 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 20 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 21 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 22 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 23 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 24 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 25 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 26 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 27 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 28 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 29 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-14273, GHSA-43jj-2rwc-2m3f
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mkex-ht2r-cucz |
|
| 31 |
| url |
VCID-n1mj-u4yk-jqhn |
| vulnerability_id |
VCID-n1mj-u4yk-jqhn |
| summary |
silverstripe/framework vulnerable to Cross-site Scripting In `OptionsetField` and `CheckboxSetField`
List of key / value pairs assigned to `OptionsetField` or `CheckboxSetField` do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.5 |
| purl |
pkg:composer/silverstripe/framework@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.3.3 |
| purl |
pkg:composer/silverstripe/framework@3.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.4.1 |
| purl |
pkg:composer/silverstripe/framework@3.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 5 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 6 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 7 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 8 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 9 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 10 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 11 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 12 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 13 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 14 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 15 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 16 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 17 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 18 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 19 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 20 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 21 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 22 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 23 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 24 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 25 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 26 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 27 |
| vulnerability |
VCID-njph-ua7r-auaq |
|
| 28 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 29 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 30 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 31 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 32 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 33 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 34 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 35 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 36 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 37 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 38 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 39 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 40 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 41 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 42 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1 |
|
|
| aliases |
GHSA-468j-6jrc-2rjx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n1mj-u4yk-jqhn |
|
| 32 |
| url |
VCID-n4fk-735u-2baw |
| vulnerability_id |
VCID-n4fk-735u-2baw |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
SilverStripe Framework suffers from a XSS vulnerablity. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.9.0-alpha1 |
| purl |
pkg:composer/silverstripe/framework@4.9.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 20 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 21 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0-alpha1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.9.0 |
| purl |
pkg:composer/silverstripe/framework@4.9.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 20 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 21 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0 |
|
|
| aliases |
CVE-2021-36150, GHSA-j66h-cc96-c32q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n4fk-735u-2baw |
|
| 33 |
| url |
VCID-nute-ndg2-z7ev |
| vulnerability_id |
VCID-nute-ndg2-z7ev |
| summary |
Cross-site Scripting
SilverStripe has Flash Clipboard Reflected XSS. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 20 |
| vulnerability |
VCID-nzcm-xbxx-wyf9 |
|
| 21 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 22 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 23 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 24 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 25 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 26 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 27 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 28 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 29 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 20 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 21 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 22 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 23 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 24 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 25 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 26 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 27 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 28 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-5dt7-nc8t-nqgh |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 8 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 9 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 10 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 11 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 12 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 13 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 14 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 15 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 16 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 17 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 18 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 19 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 20 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 21 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 22 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 23 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 24 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 25 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 26 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 27 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 28 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 29 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12205, GHSA-rfvw-5848-gxc5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nute-ndg2-z7ev |
|
| 34 |
| url |
VCID-pkve-yjqy-syc2 |
| vulnerability_id |
VCID-pkve-yjqy-syc2 |
| summary |
SilverStripe Web Cache Poisoning through HTTPRequestBuilder
SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.7.5 |
| purl |
pkg:composer/silverstripe/framework@3.7.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 3 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 4 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 5 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 6 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 7 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 8 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 9 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 10 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 11 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 12 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 13 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 14 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 15 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 16 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 17 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.4.7 |
| purl |
pkg:composer/silverstripe/framework@4.4.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 20 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 21 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 22 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 23 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 24 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 25 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 26 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.5.4 |
| purl |
pkg:composer/silverstripe/framework@4.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 20 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 21 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 22 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 23 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 24 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 25 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4 |
|
|
| aliases |
CVE-2019-19326, GHSA-q9ff-3q93-fm8m
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pkve-yjqy-syc2 |
|
| 35 |
| url |
VCID-qdwg-f2bx-1bay |
| vulnerability_id |
VCID-qdwg-f2bx-1bay |
| summary |
Injection Vulnerability
In the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.5.6-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.5.6-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-37d1-tt74-yyfm |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 7 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 8 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 9 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 10 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 11 |
| vulnerability |
VCID-aygc-4nhm-n7eq |
|
| 12 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 13 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 14 |
| vulnerability |
VCID-fm87-te3v-pkc8 |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 20 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 21 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 22 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 23 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 24 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 25 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 26 |
| vulnerability |
VCID-u9e7-1zhg-mygt |
|
| 27 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 28 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 29 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 30 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 31 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 32 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
| 33 |
| vulnerability |
VCID-znbg-16r4-6ybg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.5.6 |
| purl |
pkg:composer/silverstripe/framework@3.5.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 4 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 5 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 6 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 7 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 8 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 9 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 10 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 11 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 12 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 13 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 14 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 15 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 16 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 17 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 18 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 19 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 20 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 21 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 22 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 23 |
| vulnerability |
VCID-u9e7-1zhg-mygt |
|
| 24 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 25 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 26 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 27 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 28 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 29 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.6.3-rc2 |
| purl |
pkg:composer/silverstripe/framework@3.6.3-rc2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-37d1-tt74-yyfm |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 7 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 8 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 9 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 10 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 11 |
| vulnerability |
VCID-aygc-4nhm-n7eq |
|
| 12 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 13 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 14 |
| vulnerability |
VCID-fm87-te3v-pkc8 |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-hq36-9ntc-akez |
|
| 18 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 19 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 20 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 21 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 22 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 23 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 24 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 25 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 26 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 27 |
| vulnerability |
VCID-u9e7-1zhg-mygt |
|
| 28 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 29 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 30 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 31 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 32 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 33 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
| 34 |
| vulnerability |
VCID-znbg-16r4-6ybg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.6.3 |
| purl |
pkg:composer/silverstripe/framework@3.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 4 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 5 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 6 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 7 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 8 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 9 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 10 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 11 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 12 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 13 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 14 |
| vulnerability |
VCID-hq36-9ntc-akez |
|
| 15 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 16 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 17 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 18 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 19 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 20 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 21 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 22 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 23 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 24 |
| vulnerability |
VCID-u9e7-1zhg-mygt |
|
| 25 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 26 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 27 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 28 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 29 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 30 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 4 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 5 |
| vulnerability |
VCID-37d1-tt74-yyfm |
|
| 6 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 7 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 8 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 9 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 10 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 11 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 12 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 13 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 14 |
| vulnerability |
VCID-a1p9-cwzb-kbgb |
|
| 15 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 16 |
| vulnerability |
VCID-aj7q-x4hc-xbdm |
|
| 17 |
| vulnerability |
VCID-aygc-4nhm-n7eq |
|
| 18 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 19 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 20 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 21 |
| vulnerability |
VCID-fm87-te3v-pkc8 |
|
| 22 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 23 |
| vulnerability |
VCID-g7kn-gn2m-myc3 |
|
| 24 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 25 |
| vulnerability |
VCID-h9g1-7wez-8qft |
|
| 26 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 27 |
| vulnerability |
VCID-hq36-9ntc-akez |
|
| 28 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 29 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 30 |
| vulnerability |
VCID-m3us-9sft-wbh8 |
|
| 31 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 32 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 33 |
| vulnerability |
VCID-nzcm-xbxx-wyf9 |
|
| 34 |
| vulnerability |
VCID-p2m9-rejx-e3e9 |
|
| 35 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 36 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 37 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 38 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 39 |
| vulnerability |
VCID-tsdn-bu3d-ubaf |
|
| 40 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 41 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 42 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 43 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 44 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 45 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 46 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 47 |
| vulnerability |
VCID-yxuh-bxh5-z3cw |
|
| 48 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1 |
|
| 5 |
| url |
pkg:composer/silverstripe/framework@4.0.1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 4 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 8 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 9 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 10 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 11 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 12 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 13 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 14 |
| vulnerability |
VCID-aj7q-x4hc-xbdm |
|
| 15 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 16 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 17 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 18 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 19 |
| vulnerability |
VCID-g7kn-gn2m-myc3 |
|
| 20 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 21 |
| vulnerability |
VCID-h9g1-7wez-8qft |
|
| 22 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 23 |
| vulnerability |
VCID-hq36-9ntc-akez |
|
| 24 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 25 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 26 |
| vulnerability |
VCID-m3us-9sft-wbh8 |
|
| 27 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 28 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 29 |
| vulnerability |
VCID-nzcm-xbxx-wyf9 |
|
| 30 |
| vulnerability |
VCID-p2m9-rejx-e3e9 |
|
| 31 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 32 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 33 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 34 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 35 |
| vulnerability |
VCID-tsdn-bu3d-ubaf |
|
| 36 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 37 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 38 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 39 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 40 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 41 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 42 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 43 |
| vulnerability |
VCID-yxuh-bxh5-z3cw |
|
| 44 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1 |
|
|
| aliases |
CVE-2017-18049, GHSA-2jvj-mhf2-g99w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qdwg-f2bx-1bay |
|
| 36 |
| url |
VCID-qj5k-bcw3-5fgq |
| vulnerability_id |
VCID-qj5k-bcw3-5fgq |
| summary |
silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL
In follow up to [SS-2016-001](https://www.silverstripe.org/download/security-releases/ss-2016-001/) there is yet a minor unresolved fix to incorrectly encoded URL. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.6 |
| purl |
pkg:composer/silverstripe/framework@3.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 7 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 8 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 9 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 10 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 11 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 12 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 13 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 14 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 20 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 21 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 22 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 23 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 24 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 25 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 26 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 27 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 28 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 29 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 30 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 31 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 32 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 33 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 34 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.3.4 |
| purl |
pkg:composer/silverstripe/framework@3.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 7 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 8 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 9 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 10 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 11 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 12 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 13 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 14 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 20 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 21 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 22 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 23 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 24 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 25 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 26 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 27 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 28 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 29 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 30 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 31 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 32 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 33 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 34 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.4.2 |
| purl |
pkg:composer/silverstripe/framework@3.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 6 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 7 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 8 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 9 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 10 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 16 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 17 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 18 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 19 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-njph-ua7r-auaq |
|
| 25 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 26 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 27 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2 |
|
|
| aliases |
GHSA-r85g-7jpv-8xrx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qj5k-bcw3-5fgq |
|
| 37 |
| url |
VCID-qmfy-dxag-uuex |
| vulnerability_id |
VCID-qmfy-dxag-uuex |
| summary |
Improper Authentication
In SilverStripe, GraphQL does not honour MFA (multi-factor authentication) when using basic authentication. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.6.0 |
| purl |
pkg:composer/silverstripe/framework@4.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 20 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 21 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 22 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0 |
|
|
| aliases |
CVE-2020-26136, GHSA-mg2g-8pwj-r2j2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qmfy-dxag-uuex |
|
| 38 |
| url |
VCID-r1eg-dwej-5kau |
| vulnerability_id |
VCID-r1eg-dwej-5kau |
| summary |
Cross-Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 20 |
| vulnerability |
VCID-nzcm-xbxx-wyf9 |
|
| 21 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 22 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 23 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 24 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 25 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 26 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 27 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 28 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 29 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
|
| aliases |
CVE-2019-12437, GHSA-fx37-56v6-85q6
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r1eg-dwej-5kau |
|
| 39 |
| url |
VCID-sg62-98yy-2kd7 |
| vulnerability_id |
VCID-sg62-98yy-2kd7 |
| summary |
Incorrect Authorization
Default SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.5.2 |
| purl |
pkg:composer/silverstripe/framework@3.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-37d1-tt74-yyfm |
|
| 4 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 5 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 6 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 7 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 8 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 9 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 10 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 11 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 12 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 13 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 14 |
| vulnerability |
VCID-aygc-4nhm-n7eq |
|
| 15 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 16 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 17 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 18 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 19 |
| vulnerability |
VCID-fm87-te3v-pkc8 |
|
| 20 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 21 |
| vulnerability |
VCID-h1y5-n4b7-ckg6 |
|
| 22 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 23 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 24 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 25 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 26 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 27 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 28 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 29 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 30 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 31 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
| 39 |
| vulnerability |
VCID-znbg-16r4-6ybg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2 |
|
|
| aliases |
CVE-2021-28661, GHSA-r7rh-g777-g5gx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sg62-98yy-2kd7 |
|
| 40 |
| url |
VCID-t81f-5b8z-hyht |
| vulnerability_id |
VCID-t81f-5b8z-hyht |
| summary |
XSS In page name
SilverStripe is vulnerable to XSS via the page name. For instance, page name `"><svg/onload=alert(/xss/)>` will trigger an XSS alert. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.4.4-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.4.4-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 6 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 7 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 8 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 9 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 10 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 20 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 21 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 22 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 23 |
| vulnerability |
VCID-njph-ua7r-auaq |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 28 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 29 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 30 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 31 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 32 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 33 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 34 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 35 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 36 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.5.2-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.5.2-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-37d1-tt74-yyfm |
|
| 4 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 5 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 6 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 7 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 8 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 9 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 10 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 11 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 12 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 13 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 14 |
| vulnerability |
VCID-aygc-4nhm-n7eq |
|
| 15 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 16 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 17 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 18 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 19 |
| vulnerability |
VCID-fm87-te3v-pkc8 |
|
| 20 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 21 |
| vulnerability |
VCID-h1y5-n4b7-ckg6 |
|
| 22 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 23 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 24 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 25 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 26 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 27 |
| vulnerability |
VCID-njph-ua7r-auaq |
|
| 28 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 29 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 30 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 31 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 32 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 33 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 34 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 35 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 36 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 37 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 38 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 39 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 40 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
| 41 |
| vulnerability |
VCID-znbg-16r4-6ybg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1 |
|
|
| aliases |
SS-2017-001
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t81f-5b8z-hyht |
|
| 41 |
| url |
VCID-tv7h-289s-xub4 |
| vulnerability_id |
VCID-tv7h-289s-xub4 |
| summary |
Improper Restriction of XML External Entity Reference
SilverStripe has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.6.0 |
| purl |
pkg:composer/silverstripe/framework@4.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 20 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 21 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 22 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.7.4 |
| purl |
pkg:composer/silverstripe/framework@4.7.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 20 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 21 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 22 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4 |
|
|
| aliases |
CVE-2020-25817, GHSA-3vjc-5x79-m9r8
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tv7h-289s-xub4 |
|
| 42 |
| url |
VCID-umhc-fdfh-1fdx |
| vulnerability_id |
VCID-umhc-fdfh-1fdx |
| summary |
Cross-site Scripting
In SilverStripe, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.7.5 |
| purl |
pkg:composer/silverstripe/framework@3.7.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 3 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 4 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 5 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 6 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 7 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 8 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 9 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 10 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 11 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 12 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 13 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 14 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 15 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 16 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 17 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5 |
|
|
| aliases |
CVE-2020-9311, GHSA-2pw2-qpcp-m47x
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-umhc-fdfh-1fdx |
|
| 43 |
| url |
VCID-uy47-3s8a-hbdn |
| vulnerability_id |
VCID-uy47-3s8a-hbdn |
| summary |
Silverstipe CMS Stored XSS in custom meta tags
A malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut.
This requires CMS access to exploit. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.11.3 |
| purl |
pkg:composer/silverstripe/framework@4.11.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 2 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 3 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 4 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 5 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 6 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 7 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 8 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 9 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 10 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 11 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 12 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 13 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 14 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 15 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 16 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.3 |
|
|
| aliases |
CVE-2022-37421, GHSA-pp74-g2q5-j4jf, GMS-2022-6855
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uy47-3s8a-hbdn |
|
| 44 |
| url |
VCID-vatg-guxu-2ud7 |
| vulnerability_id |
VCID-vatg-guxu-2ud7 |
| summary |
silverstripe/framework missing ACL on reports
The SS_Report, and the reports CMS section only checks `canView()` when listing the reports that can be viewed by the current user.
It does not (and should) perform `canView` checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.5 |
| purl |
pkg:composer/silverstripe/framework@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.3.3 |
| purl |
pkg:composer/silverstripe/framework@3.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.4.1 |
| purl |
pkg:composer/silverstripe/framework@3.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 5 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 6 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 7 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 8 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 9 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 10 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 11 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 12 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 13 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 14 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 15 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 16 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 17 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 18 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 19 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 20 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 21 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 22 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 23 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 24 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 25 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 26 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 27 |
| vulnerability |
VCID-njph-ua7r-auaq |
|
| 28 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 29 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 30 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 31 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 32 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 33 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 34 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 35 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 36 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 37 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 38 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 39 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 40 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 41 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 42 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1 |
|
|
| aliases |
GHSA-52cx-hpc5-cxwc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vatg-guxu-2ud7 |
|
| 45 |
| url |
VCID-wgdv-etcq-3qhw |
| vulnerability_id |
VCID-wgdv-etcq-3qhw |
| summary |
Improper Input Validation
In SilverStripe, a FormField with square brackets in the field name skips validation. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.6.0 |
| purl |
pkg:composer/silverstripe/framework@4.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 20 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 21 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 22 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.7.4 |
| purl |
pkg:composer/silverstripe/framework@4.7.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 20 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 21 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 22 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4 |
|
|
| aliases |
CVE-2020-26138, GHSA-7mv4-4xpg-xq44
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wgdv-etcq-3qhw |
|
| 46 |
| url |
VCID-xg74-3h1h-kqaf |
| vulnerability_id |
VCID-xg74-3h1h-kqaf |
| summary |
Uncontrolled Resource Consumption
SilverStripe allows a Denial of Service on flush and development URL tools. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 20 |
| vulnerability |
VCID-nzcm-xbxx-wyf9 |
|
| 21 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 22 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 23 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 24 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 25 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 26 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 27 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 28 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 29 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.4.0 |
| purl |
pkg:composer/silverstripe/framework@4.4.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-5dt7-nc8t-nqgh |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 8 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 9 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 10 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 11 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 12 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 13 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 14 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 15 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 18 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 19 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nzcm-xbxx-wyf9 |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 27 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 28 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 29 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 30 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 31 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 32 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 33 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 34 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0 |
|
|
| aliases |
CVE-2019-12246, GHSA-5fr8-xhqq-4p3q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xg74-3h1h-kqaf |
|
| 47 |
| url |
VCID-y6gd-vy49-17b4 |
| vulnerability_id |
VCID-y6gd-vy49-17b4 |
| summary |
silverstripe/framework password encryption salt not updated
When a user changes their password, the internal salt used for hashing their password is not updated.
Although this is not considered a security vulnerability, this behaviour has been improved to ensure the salt is reset on change of password. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.5 |
| purl |
pkg:composer/silverstripe/framework@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.3.3 |
| purl |
pkg:composer/silverstripe/framework@3.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.4.1 |
| purl |
pkg:composer/silverstripe/framework@3.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 5 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 6 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 7 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 8 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 9 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 10 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 11 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 12 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 13 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 14 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 15 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 16 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 17 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 18 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 19 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 20 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 21 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 22 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 23 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 24 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 25 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 26 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 27 |
| vulnerability |
VCID-njph-ua7r-auaq |
|
| 28 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 29 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 30 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 31 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 32 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 33 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 34 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 35 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 36 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 37 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 38 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 39 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 40 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 41 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 42 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1 |
|
|
| aliases |
GHSA-f3wp-xpv2-6vmg
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y6gd-vy49-17b4 |
|
| 48 |
| url |
VCID-y8et-m846-2fc6 |
| vulnerability_id |
VCID-y8et-m846-2fc6 |
| summary |
Information Exposure
SilverStripe has incorrect access control for protected files uploaded via `Upload::loadIntoFile()`. An attacker may be able to guess a filename in `silverstripe/assets` via the `AssetControlExtension`. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.6.8 |
| purl |
pkg:composer/silverstripe/framework@3.6.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 3 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 4 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 5 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 6 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 7 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 8 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 9 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 10 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 11 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 12 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 13 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 14 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 15 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 16 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 17 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 18 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 19 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 20 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 21 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 22 |
| vulnerability |
VCID-u9e7-1zhg-mygt |
|
| 23 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 24 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 25 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 26 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 27 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 28 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.7.4 |
| purl |
pkg:composer/silverstripe/framework@3.7.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 3 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 4 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 5 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 6 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 7 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 8 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 9 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 10 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 11 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 12 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 13 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 14 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 15 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 16 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 17 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 18 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 19 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 20 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 21 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 22 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 23 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 24 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 25 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 26 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 27 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 6 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 7 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 14 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 15 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 16 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 17 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 18 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 19 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 20 |
| vulnerability |
VCID-nzcm-xbxx-wyf9 |
|
| 21 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 22 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 23 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 24 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 25 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 26 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 27 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 28 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 29 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 3 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-24a5-ruc4-bycq |
|
| 3 |
| vulnerability |
VCID-2hk2-hzyh-wbhf |
|
| 4 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 5 |
| vulnerability |
VCID-5dt7-nc8t-nqgh |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7gak-15m5-j3f5 |
|
| 8 |
| vulnerability |
VCID-7w7t-3783-1kbs |
|
| 9 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 10 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 11 |
| vulnerability |
VCID-9t4k-8hsz-bfdw |
|
| 12 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 13 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 14 |
| vulnerability |
VCID-ca4q-xd4v-vqfe |
|
| 15 |
| vulnerability |
VCID-fmfu-81xu-pfdy |
|
| 16 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 17 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 18 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 19 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 20 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 21 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 22 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 23 |
| vulnerability |
VCID-ru3j-21j8-ayhm |
|
| 24 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 25 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 26 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 27 |
| vulnerability |
VCID-xm4q-u96p-57dd |
|
| 28 |
| vulnerability |
VCID-ytbc-8mhd-b3fc |
|
| 29 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12245, GHSA-jvx5-rm6q-gx7p
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y8et-m846-2fc6 |
|
| 49 |
| url |
VCID-z28b-1yrx-1bbn |
| vulnerability_id |
VCID-z28b-1yrx-1bbn |
| summary |
Password encryption salt expiry
When a user changes their password, the internal salt used for hashing their password is not updated. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.5 |
| purl |
pkg:composer/silverstripe/framework@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.3.3 |
| purl |
pkg:composer/silverstripe/framework@3.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 5 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 6 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 7 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 8 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 9 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 10 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 11 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 12 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 13 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 14 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 15 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 16 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 17 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 18 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 19 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 20 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 21 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 22 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 23 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 24 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 25 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 26 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 27 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 28 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 29 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 30 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 31 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 32 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 33 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 34 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 35 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 36 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 37 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 38 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.4.1 |
| purl |
pkg:composer/silverstripe/framework@3.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1mmc-91gk-r3d3 |
|
| 2 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 3 |
| vulnerability |
VCID-36z3-nafq-6kez |
|
| 4 |
| vulnerability |
VCID-3j6f-5c14-uubc |
|
| 5 |
| vulnerability |
VCID-3x46-q9cb-7ubg |
|
| 6 |
| vulnerability |
VCID-4qjj-wqg5-dbay |
|
| 7 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 8 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 9 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 10 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 11 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 12 |
| vulnerability |
VCID-9hf4-djcv-67d7 |
|
| 13 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 14 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 15 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 16 |
| vulnerability |
VCID-b95v-49p7-fkas |
|
| 17 |
| vulnerability |
VCID-bwrh-updj-zkfs |
|
| 18 |
| vulnerability |
VCID-c6bz-jwhm-vkgp |
|
| 19 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 20 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 21 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 22 |
| vulnerability |
VCID-hnme-cqff-c7dp |
|
| 23 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 24 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 25 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 26 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 27 |
| vulnerability |
VCID-njph-ua7r-auaq |
|
| 28 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 29 |
| vulnerability |
VCID-pkve-yjqy-syc2 |
|
| 30 |
| vulnerability |
VCID-qdwg-f2bx-1bay |
|
| 31 |
| vulnerability |
VCID-qj5k-bcw3-5fgq |
|
| 32 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 33 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 34 |
| vulnerability |
VCID-sg62-98yy-2kd7 |
|
| 35 |
| vulnerability |
VCID-t81f-5b8z-hyht |
|
| 36 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 37 |
| vulnerability |
VCID-umhc-fdfh-1fdx |
|
| 38 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 39 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 40 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 41 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 42 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| purl |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-11sx-j3x7-gkcr |
|
| 1 |
| vulnerability |
VCID-1p79-328x-sueq |
|
| 2 |
| vulnerability |
VCID-5cfa-whq6-9ucp |
|
| 3 |
| vulnerability |
VCID-79qx-v5uu-jyf2 |
|
| 4 |
| vulnerability |
VCID-7hxq-cp29-r7dh |
|
| 5 |
| vulnerability |
VCID-86vg-4j71-hkgr |
|
| 6 |
| vulnerability |
VCID-8u5c-6vx3-mfcr |
|
| 7 |
| vulnerability |
VCID-9y5u-qyzd-3ud9 |
|
| 8 |
| vulnerability |
VCID-a7cf-kpzy-xudd |
|
| 9 |
| vulnerability |
VCID-b6nm-cphj-wfgw |
|
| 10 |
| vulnerability |
VCID-cmwn-cjff-9qau |
|
| 11 |
| vulnerability |
VCID-gnpw-s9hp-wqfs |
|
| 12 |
| vulnerability |
VCID-hcuz-gz3w-97ew |
|
| 13 |
| vulnerability |
VCID-k46z-g6jp-57ek |
|
| 14 |
| vulnerability |
VCID-ky21-z2d2-sye6 |
|
| 15 |
| vulnerability |
VCID-mkex-ht2r-cucz |
|
| 16 |
| vulnerability |
VCID-n4fk-735u-2baw |
|
| 17 |
| vulnerability |
VCID-nute-ndg2-z7ev |
|
| 18 |
| vulnerability |
VCID-qmfy-dxag-uuex |
|
| 19 |
| vulnerability |
VCID-r1eg-dwej-5kau |
|
| 20 |
| vulnerability |
VCID-tv7h-289s-xub4 |
|
| 21 |
| vulnerability |
VCID-uy47-3s8a-hbdn |
|
| 22 |
| vulnerability |
VCID-wgdv-etcq-3qhw |
|
| 23 |
| vulnerability |
VCID-xg74-3h1h-kqaf |
|
| 24 |
| vulnerability |
VCID-y8et-m846-2fc6 |
|
| 25 |
| vulnerability |
VCID-zdge-zsmz-8ud9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1 |
|
|
| aliases |
SS-2016-008
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z28b-1yrx-1bbn |
|
| 50 |
| url |
VCID-zdge-zsmz-8ud9 |
| vulnerability_id |
VCID-zdge-zsmz-8ud9 |
| summary |
Missing Authorization
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-22728, GHSA-jh3w-6jp2-vqqm
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zdge-zsmz-8ud9 |
|