| 0 |
|
| 1 |
|
| 2 |
| url |
VCID-3x46-q9cb-7ubg |
| vulnerability_id |
VCID-3x46-q9cb-7ubg |
| summary |
Information Exposure
Response discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-12849, GHSA-fwhr-g5r4-xgxf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3x46-q9cb-7ubg |
|
| 3 |
|
| 4 |
|
| 5 |
| url |
VCID-b95v-49p7-fkas |
| vulnerability_id |
VCID-b95v-49p7-fkas |
| summary |
Cross-site Scripting
SilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-14498, GHSA-j696-6m57-mcrv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b95v-49p7-fkas |
|
| 6 |
|
| 7 |
|
| 8 |
| url |
VCID-hnme-cqff-c7dp |
| vulnerability_id |
VCID-hnme-cqff-c7dp |
| summary |
ReadOnly transformation for formfields exploitable
Form fields returning `isReadonly()` as true are vulnerable to reflected XSS injections. This includes `ReadonlyField`, `LookupField`, `HTMLReadonlyField`, as well as special purpose fields like `TimeField_Readonly`. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and does not overwrite data on form construction. Readonly and disabled form fields are already filtered out in `saveInto()`, so maliciously submitted data on these fields does not make it into the database unless you are accessing form values directly in your saving logic. |
| references |
|
| fixed_packages |
|
| aliases |
SS-2016-010
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hnme-cqff-c7dp |
|
| 9 |
|
| 10 |
|
| 11 |
| url |
VCID-qdwg-f2bx-1bay |
| vulnerability_id |
VCID-qdwg-f2bx-1bay |
| summary |
Injection Vulnerability
In the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2017-18049, GHSA-2jvj-mhf2-g99w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qdwg-f2bx-1bay |
|
| 12 |
|
| 13 |
|
| 14 |
| url |
VCID-umhc-fdfh-1fdx |
| vulnerability_id |
VCID-umhc-fdfh-1fdx |
| summary |
Cross-site Scripting
In SilverStripe, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-9311, GHSA-2pw2-qpcp-m47x
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-umhc-fdfh-1fdx |
|
| 15 |
|
| 16 |
| url |
VCID-y8et-m846-2fc6 |
| vulnerability_id |
VCID-y8et-m846-2fc6 |
| summary |
Information Exposure
SilverStripe has incorrect access control for protected files uploaded via `Upload::loadIntoFile()`. An attacker may be able to guess a filename in `silverstripe/assets` via the `AssetControlExtension`. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2019-12245, GHSA-jvx5-rm6q-gx7p
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y8et-m846-2fc6 |
|