Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/53252?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/53252?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2-rc1", "type": "composer", "namespace": "silverstripe", "name": "framework", "version": "3.5.2-rc1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.3.23", "latest_non_vulnerable_version": "6.0.0-alpha1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56522?format=api", "vulnerability_id": "VCID-11sx-j3x7-gkcr", "summary": "Reflected Cross Site Scripting (XSS) in error message\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-002" }, { "reference_url": "https://github.com/advisories/GHSA-74j9-xhqr-6qv3", "reference_id": "GHSA-74j9-xhqr-6qv3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-74j9-xhqr-6qv3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83724?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" } ], "aliases": [ "GHSA-74j9-xhqr-6qv3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11sx-j3x7-gkcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40907?format=api", "vulnerability_id": "VCID-1mmc-91gk-r3d3", "summary": "SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55605", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55549", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5715" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/issues/8814", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/issues/8814" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5715", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5715" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2018-021", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2018-021" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57785?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/57786?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/57787?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/57788?format=api", "purl": "pkg:composer/silverstripe/framework@4.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-z94y-nz4f-y7er" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/57789?format=api", "purl": "pkg:composer/silverstripe/framework@4.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-z94y-nz4f-y7er" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/57790?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-z94y-nz4f-y7er" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1" } ], "aliases": [ "CVE-2019-5715", "GHSA-wvfw-w3x6-g526" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1mmc-91gk-r3d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110589?format=api", "vulnerability_id": "VCID-1p79-328x-sueq", "summary": "Quadratic blowup in Convert::xml2array()\nSilverstripe silverstripe/framework 4.x until 4.10.9 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57671", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57619", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41559" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41559", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41559" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2021-41559", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2021-41559" }, { "reference_url": "https://github.com/advisories/GHSA-9fmg-89fx-r33w", "reference_id": "GHSA-9fmg-89fx-r33w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9fmg-89fx-r33w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/149279?format=api", "purl": "pkg:composer/silverstripe/framework@4.10.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/595466?format=api", "purl": "pkg:composer/silverstripe/framework@4.11.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.0-beta1" } ], "aliases": [ "CVE-2021-41559", "GHSA-9fmg-89fx-r33w" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1p79-328x-sueq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55022?format=api", "vulnerability_id": "VCID-37d1-tt74-yyfm", "summary": "silverstripe/framework users inadvertently passing sensitive data to LoginAttempt\nAll user login attempts are logged in the database in the LoginAttempt table. However, this table contains information in plain text, and may possible contain sensitive information, such as user passwords mis-typed into the username field.\n\nIn order to address this a one-way hash is applied to the Email field before being stored.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-009-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-009-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/3e2bcaa0b49277ff7f7004b265a7fa80d0b92e5c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/3e2bcaa0b49277ff7f7004b265a7fa80d0b92e5c" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/c5d6eb816d4ac5e9fa3d8bc4bd82de95719eb22d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/c5d6eb816d4ac5e9fa3d8bc4bd82de95719eb22d" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/f1dd3d6f03eb1d94c29c495994a1da9176a758d9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/f1dd3d6f03eb1d94c29c495994a1da9176a758d9" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-009", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-009" }, { "reference_url": "https://github.com/advisories/GHSA-ph62-fv59-vf9h", "reference_id": "GHSA-ph62-fv59-vf9h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ph62-fv59-vf9h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54915?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/54916?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/54917?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aj7q-x4hc-xbdm" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-g7kn-gn2m-myc3" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h9g1-7wez-8qft" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m3us-9sft-wbh8" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-p2m9-rejx-e3e9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tsdn-bu3d-ubaf" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-yxuh-bxh5-z3cw" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" } ], "aliases": [ "GHSA-ph62-fv59-vf9h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37d1-tt74-yyfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55030?format=api", "vulnerability_id": "VCID-3j6f-5c14-uubc", "summary": "silverstripe/framework has Cross-site Scripting vulnerability in page history comparison\nAuthenticated user with page edit permission can craft HTML, which when rendered in a page history comparison can execute client scripts.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-004-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-004-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/2b72c0f73b668ddf7c059319da915a6c08652278", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/2b72c0f73b668ddf7c059319da915a6c08652278" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-004" }, { "reference_url": "https://github.com/advisories/GHSA-c4c3-j73v-634r", "reference_id": "GHSA-c4c3-j73v-634r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c4c3-j73v-634r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54434?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h1y5-n4b7-ckg6" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" }, { "vulnerability": "VCID-znbg-16r4-6ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.4" } ], "aliases": [ "GHSA-c4c3-j73v-634r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3j6f-5c14-uubc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39021?format=api", "vulnerability_id": "VCID-3x46-q9cb-7ubg", "summary": "Information Exposure\nResponse discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60505", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00392", "scoring_system": "epss", "scoring_elements": "0.60553", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12849" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-005" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12849", "reference_id": "CVE-2017-12849", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12849" }, { "reference_url": "https://github.com/advisories/GHSA-fwhr-g5r4-xgxf", "reference_id": "GHSA-fwhr-g5r4-xgxf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fwhr-g5r4-xgxf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/213679?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.5-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h1y5-n4b7-ckg6" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" }, { "vulnerability": "VCID-znbg-16r4-6ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54435?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" }, { "vulnerability": "VCID-znbg-16r4-6ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/213034?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h1y5-n4b7-ckg6" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" }, { "vulnerability": "VCID-znbg-16r4-6ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2" }, { "url": "http://public2.vulnerablecode.io/api/packages/54103?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h1y5-n4b7-ckg6" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" }, { "vulnerability": "VCID-znbg-16r4-6ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1" } ], "aliases": [ "CVE-2017-12849", "GHSA-fwhr-g5r4-xgxf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3x46-q9cb-7ubg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55033?format=api", "vulnerability_id": "VCID-4qjj-wqg5-dbay", "summary": "silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage\nRedirectorPage will allow users to specify a non-url malicious script as the redirection path without validation. Users which follow this url may allow this script to execute within their browser.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-003-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-003-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-003" }, { "reference_url": "https://github.com/advisories/GHSA-pp7q-6j3f-74vj", "reference_id": "GHSA-pp7q-6j3f-74vj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pp7q-6j3f-74vj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54434?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h1y5-n4b7-ckg6" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" }, { "vulnerability": "VCID-znbg-16r4-6ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.4" } ], "aliases": [ "GHSA-pp7q-6j3f-74vj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4qjj-wqg5-dbay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56456?format=api", "vulnerability_id": "VCID-5cfa-whq6-9ucp", "summary": "Silverstripe Framework has a XSS in form messages\nIn some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message.\n\nSome form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01452", "scoring_system": "epss", "scoring_elements": "0.81169", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53277" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53277", "reference_id": "CVE-2024-53277", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53277" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-53277", "reference_id": "CVE-2024-53277", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-53277" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml", "reference_id": "CVE-2024-53277.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-ff6q-3c9c-6cf5", "reference_id": "GHSA-ff6q-3c9c-6cf5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ff6q-3c9c-6cf5" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5", "reference_id": "GHSA-ff6q-3c9c-6cf5", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83724?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/794824?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" } ], "aliases": [ "CVE-2024-53277", "GHSA-ff6q-3c9c-6cf5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5cfa-whq6-9ucp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57123?format=api", "vulnerability_id": "VCID-79qx-v5uu-jyf2", "summary": "Silverstripe Framework has a XSS vulnerability in HTML editor\nA bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.\n\nThe server-side sanitisation logic has been updated to sanitise against this attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45229", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30148" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/pull/11682", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/pull/11682" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30148", "reference_id": "CVE-2025-30148", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30148" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2025-30148", "reference_id": "CVE-2025-30148", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2025-30148" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml", "reference_id": "CVE-2025-30148.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-rhx4-hvx9-j387", "reference_id": "GHSA-rhx4-hvx9-j387", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rhx4-hvx9-j387" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387", "reference_id": "GHSA-rhx4-hvx9-j387", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84817?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.23" } ], "aliases": [ "CVE-2025-30148", "GHSA-rhx4-hvx9-j387" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-79qx-v5uu-jyf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51855?format=api", "vulnerability_id": "VCID-7hxq-cp29-r7dh", "summary": "Cross-site Scripting\nIn SilverStripe asset-admin, there is XSS in file titles managed through the CMS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14272", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57587", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57535", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14272" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14272", "reference_id": "CVE-2019-14272", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14272" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272", "reference_id": "CVE-2019-14272", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14272" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/215640?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a1p9-cwzb-kbgb" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aj7q-x4hc-xbdm" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-g7kn-gn2m-myc3" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h9g1-7wez-8qft" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m3us-9sft-wbh8" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-p2m9-rejx-e3e9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tsdn-bu3d-ubaf" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-yxuh-bxh5-z3cw" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54917?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aj7q-x4hc-xbdm" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-g7kn-gn2m-myc3" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h9g1-7wez-8qft" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m3us-9sft-wbh8" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-p2m9-rejx-e3e9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tsdn-bu3d-ubaf" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-yxuh-bxh5-z3cw" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/76174?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/76175?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-14272", "GHSA-jgw2-f5mx-rg7h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7hxq-cp29-r7dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56468?format=api", "vulnerability_id": "VCID-86vg-4j71-hkgr", "summary": "Silverstripe Framework has a XSS via insert media remote file oembed\nWhen using the \"insert media\" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47605", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07112", "scoring_system": "epss", "scoring_elements": "0.91697", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47605" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt", "reference_id": "CVE-2024-47605", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47605", "reference_id": "CVE-2024-47605", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47605" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-47605", "reference_id": "CVE-2024-47605", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-47605" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml", "reference_id": "CVE-2024-47605.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-7cmp-cgg8-4c82", "reference_id": "GHSA-7cmp-cgg8-4c82", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7cmp-cgg8-4c82" }, { "reference_url": "https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82", "reference_id": "GHSA-7cmp-cgg8-4c82", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/" } ], "url": "https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83724?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/794824?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" } ], "aliases": [ "CVE-2024-47605", "GHSA-7cmp-cgg8-4c82" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-86vg-4j71-hkgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56477?format=api", "vulnerability_id": "VCID-8u5c-6vx3-mfcr", "summary": "Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message\n> [!IMPORTANT]\n> This vulnerability only affects sites which are in the \"dev\" environment mode. If your production website is in \"dev\" mode, it has been misconfigured, and you should immediately swap it to \"live\" mode.\n> See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.\n\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-002" }, { "reference_url": "https://github.com/advisories/GHSA-mqf3-qpc3-g26q", "reference_id": "GHSA-mqf3-qpc3-g26q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mqf3-qpc3-g26q" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q", "reference_id": "GHSA-mqf3-qpc3-g26q", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83724?format=api", "purl": "pkg:composer/silverstripe/framework@5.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/794824?format=api", "purl": "pkg:composer/silverstripe/framework@6.0.0-alpha1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1" } ], "aliases": [ "GHSA-mqf3-qpc3-g26q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8u5c-6vx3-mfcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46874?format=api", "vulnerability_id": "VCID-9y5u-qyzd-3ud9", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nSilverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48714", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45478", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48714" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48714", "reference_id": "CVE-2023-48714", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48714" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2023-48714", "reference_id": "CVE-2023-48714", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-48714" }, { "reference_url": "https://github.com/advisories/GHSA-qm2j-qvq3-j29v", "reference_id": "GHSA-qm2j-qvq3-j29v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qm2j-qvq3-j29v" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v", "reference_id": "GHSA-qm2j-qvq3-j29v", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68579?format=api", "purl": "pkg:composer/silverstripe/framework@4.13.39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.39" }, { "url": "http://public2.vulnerablecode.io/api/packages/68580?format=api", "purl": "pkg:composer/silverstripe/framework@5.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.1.11" } ], "aliases": [ "CVE-2023-48714", "GHSA-qm2j-qvq3-j29v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9y5u-qyzd-3ud9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45052?format=api", "vulnerability_id": "VCID-a7cf-kpzy-xudd", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42323", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42248", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22729" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2023-22729", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2023-22729" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22729", "reference_id": "CVE-2023-22729", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22729" }, { "reference_url": "https://github.com/advisories/GHSA-fw84-xgm8-9jmv", "reference_id": "GHSA-fw84-xgm8-9jmv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fw84-xgm8-9jmv" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv", "reference_id": "GHSA-fw84-xgm8-9jmv", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64977?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5" } ], "aliases": [ "CVE-2023-22729", "GHSA-fw84-xgm8-9jmv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a7cf-kpzy-xudd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55043?format=api", "vulnerability_id": "VCID-aygc-4nhm-n7eq", "summary": "silverstripe/framework SQL injection in full text search\nWhen performing a fulltext search in SilverStripe 4.0.0 the 'start' querystring parameter is never escaped safely. This exposes a possible SQL injection vulnerability.\n\nThe issue exists in 3.5 and 3.6 but is less vulnerable, as SearchForm sanitises these variables prior to passing to mysql.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-008-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-008-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/099a5a3c2d99ed39bdd8815e1e2790bb9351770b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/099a5a3c2d99ed39bdd8815e1e2790bb9351770b" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/a8465900bdc77199176c953890ce7587045b1ea4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/a8465900bdc77199176c953890ce7587045b1ea4" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-008", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-008" }, { "reference_url": "https://github.com/advisories/GHSA-xx4r-5265-48j6", "reference_id": "GHSA-xx4r-5265-48j6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xx4r-5265-48j6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54915?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/54916?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/54917?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aj7q-x4hc-xbdm" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-g7kn-gn2m-myc3" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h9g1-7wez-8qft" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m3us-9sft-wbh8" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-p2m9-rejx-e3e9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tsdn-bu3d-ubaf" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-yxuh-bxh5-z3cw" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" } ], "aliases": [ "GHSA-xx4r-5265-48j6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aygc-4nhm-n7eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51851?format=api", "vulnerability_id": "VCID-b6nm-cphj-wfgw", "summary": "Improper Privilege Management\nIn SilverStripe, there is access escalation for CMS users with limited access through permission cache pollution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53948", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.54005", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12617" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12617", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12617" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617/", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12617/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617", "reference_id": "CVE-2019-12617", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12617" }, { "reference_url": "https://github.com/advisories/GHSA-6r58-4xgr-gm6m", "reference_id": "GHSA-6r58-4xgr-gm6m", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6r58-4xgr-gm6m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75986?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/76174?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/76175?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12617", "GHSA-6r58-4xgr-gm6m" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b6nm-cphj-wfgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38848?format=api", "vulnerability_id": "VCID-b95v-49p7-fkas", "summary": "Cross-site Scripting\nSilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname.", "references": [ { "reference_url": "http://lists.openwall.net/full-disclosure/2017/09/14/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openwall.net/full-disclosure/2017/09/14/2" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59498", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00375", "scoring_system": "epss", "scoring_elements": "0.59447", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14498" }, { "reference_url": "https://docs.silverstripe.org/en/3/changelogs/3.6.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.silverstripe.org/en/3/changelogs/3.6.1" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a" }, { "reference_url": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14498", "reference_id": "CVE-2017-14498", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14498" }, { "reference_url": "https://github.com/advisories/GHSA-j696-6m57-mcrv", "reference_id": "GHSA-j696-6m57-mcrv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j696-6m57-mcrv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/213034?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h1y5-n4b7-ckg6" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" }, { "vulnerability": "VCID-znbg-16r4-6ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2" }, { "url": "http://public2.vulnerablecode.io/api/packages/54103?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h1y5-n4b7-ckg6" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" }, { "vulnerability": "VCID-znbg-16r4-6ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1" } ], "aliases": [ "CVE-2017-14498", "GHSA-j696-6m57-mcrv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b95v-49p7-fkas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55023?format=api", "vulnerability_id": "VCID-bwrh-updj-zkfs", "summary": "silverstripe/framework member disclosure in login form\nThere is a user ID enumeration vulnerability in our brute force error messages.\n\n- Users that don't exist in will never get a locked out message\n- Users that do exist, will get a locked out message\n\nThis means an attacker can infer or confirm user details that exist in the member table.\n\nThis issue has been resolved by ensuring that login attempt logging and lockout process works equivalently for non-existent users as it does for existant users.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-002-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-002-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/f71efb5063c57d823dd130b9bfd018f6ef903d49", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/f71efb5063c57d823dd130b9bfd018f6ef903d49" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-002" }, { "reference_url": "https://github.com/advisories/GHSA-g84q-cq55-xwgp", "reference_id": "GHSA-g84q-cq55-xwgp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g84q-cq55-xwgp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54434?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h1y5-n4b7-ckg6" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" }, { "vulnerability": "VCID-znbg-16r4-6ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.4" } ], "aliases": [ "GHSA-g84q-cq55-xwgp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bwrh-updj-zkfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51839?format=api", "vulnerability_id": "VCID-cmwn-cjff-9qau", "summary": "Session Fixation\nSilverStripe allows session fixation in the \"change password\" form.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17184", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17108", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12203" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12203", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12203" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203/", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12203/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203", "reference_id": "CVE-2019-12203", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12203" }, { "reference_url": "https://github.com/advisories/GHSA-w7r7-r8r9-vrg2", "reference_id": "GHSA-w7r7-r8r9-vrg2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w7r7-r8r9-vrg2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/144275?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/144274?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/75986?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/76174?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/76175?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12203", "GHSA-w7r7-r8r9-vrg2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cmwn-cjff-9qau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55028?format=api", "vulnerability_id": "VCID-fm87-te3v-pkc8", "summary": "silverstripe/framework CSV Excel Macro Injection\nIn the CSV export feature of the CMS it's possible for the output to contain macros and scripts, which if imported without sanitisation into software (including Microsoft Excel) may be executed.\n\nIn order to safeguard against this threat all potentially executable cell values exported from CSV will be prepended with a literal tab character.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-007-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-007-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/55739fa5af6171594b2cb4f3621d5fcce5e887d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/55739fa5af6171594b2cb4f3621d5fcce5e887d4" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/cfe1d4f481bf53ea8da2b8608a563e207d923df9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/cfe1d4f481bf53ea8da2b8608a563e207d923df9" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/dd4c5417e7592e29e698af428b72bdb9b6729797", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/dd4c5417e7592e29e698af428b72bdb9b6729797" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-007" }, { "reference_url": "https://github.com/advisories/GHSA-mqjc-x563-c9q8", "reference_id": "GHSA-mqjc-x563-c9q8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mqjc-x563-c9q8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54915?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/54916?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/54917?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aj7q-x4hc-xbdm" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-g7kn-gn2m-myc3" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h9g1-7wez-8qft" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m3us-9sft-wbh8" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-p2m9-rejx-e3e9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tsdn-bu3d-ubaf" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-yxuh-bxh5-z3cw" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" } ], "aliases": [ "GHSA-mqjc-x563-c9q8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fm87-te3v-pkc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45758?format=api", "vulnerability_id": "VCID-gnpw-s9hp-wqfs", "summary": "Improper Input Validation\nSilverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml" }, { "reference_url": "https://github.com/github/advisory-database/pull/2575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/2575" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2023-32302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2023-32302" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32302", "reference_id": "CVE-2023-32302", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32302" }, { "reference_url": "https://github.com/advisories/GHSA-36xx-7vf6-7mv3", "reference_id": "GHSA-36xx-7vf6-7mv3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-36xx-7vf6-7mv3" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3", "reference_id": "GHSA-36xx-7vf6-7mv3", "reference_type": "", "scores": [ { "value": "0.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66345?format=api", "purl": "pkg:composer/silverstripe/framework@4.13.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/66346?format=api", "purl": "pkg:composer/silverstripe/framework@5.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.0.13" } ], "aliases": [ "CVE-2023-32302", "GHSA-36xx-7vf6-7mv3" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gnpw-s9hp-wqfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55036?format=api", "vulnerability_id": "VCID-h1y5-n4b7-ckg6", "summary": "silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms\nUser enumeration is possible by performing a timing attack on the login or password reset pages with user credentials.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-005-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-005-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/f0262a8fd9ab5fb51b178ace3c3487351217f5a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/f0262a8fd9ab5fb51b178ace3c3487351217f5a0" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-005" }, { "reference_url": "https://github.com/advisories/GHSA-7m2v-x7rg-5hm5", "reference_id": "GHSA-7m2v-x7rg-5hm5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7m2v-x7rg-5hm5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54435?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" }, { "vulnerability": "VCID-znbg-16r4-6ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/54913?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" }, { "vulnerability": "VCID-znbg-16r4-6ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.2" } ], "aliases": [ "GHSA-7m2v-x7rg-5hm5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h1y5-n4b7-ckg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42251?format=api", "vulnerability_id": "VCID-hcuz-gz3w-97ew", "summary": "Business Logic Errors in GitHub repository silverstripe/silverstripe-framework", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2" }, { "reference_url": "https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0227", "reference_id": "CVE-2022-0227", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0227" }, { "reference_url": "https://github.com/advisories/GHSA-32m2-9f76-4gv8", "reference_id": "GHSA-32m2-9f76-4gv8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-32m2-9f76-4gv8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60382?format=api", "purl": "pkg:composer/silverstripe/framework@4.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.1" } ], "aliases": [ "CVE-2022-0227", "GHSA-32m2-9f76-4gv8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hcuz-gz3w-97ew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55532?format=api", "vulnerability_id": "VCID-k46z-g6jp-57ek", "summary": "Silverstripe uses TinyMCE which allows svg files linked in object tags\nTinyMCE v6 has a configuration value `convert_unsafe_embeds` set to `false` which allows svg files containing javascript to be used in `<object>` or `<embed>` tags, which can be used as a vector for XSS attacks.\n\nNote that `<embed>` tags are not allowed by default.\n\nAfter patching the default value of `convert_unsafe_embeds` will be set to `true`. This means that `<object>` tags will be converted to iframes instead the next time the page is saved, which may break any pages that rely upon previously saved `<object>` tags. Developers can override this configuration if desired to revert to the original behaviour.\n\nWe reviewed the potential impact of this vulnerability within the context of Silverstripe CMS. We concluded this is a medium impact vulnerability given how TinyMCE is used by Silverstripe CMS.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2024-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2024-001" }, { "reference_url": "https://github.com/advisories/GHSA-52cw-pvq9-9m5v", "reference_id": "GHSA-52cw-pvq9-9m5v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-52cw-pvq9-9m5v" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v", "reference_id": "GHSA-52cw-pvq9-9m5v", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v" }, { "reference_url": "https://github.com/advisories/GHSA-5359-pvf2-pw78", "reference_id": "GHSA-5359-pvf2-pw78", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5359-pvf2-pw78" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82195?format=api", "purl": "pkg:composer/silverstripe/framework@5.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16" } ], "aliases": [ "GHSA-52cw-pvq9-9m5v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k46z-g6jp-57ek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55529?format=api", "vulnerability_id": "VCID-ky21-z2d2-sye6", "summary": "Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload\nA bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.\n\nThe server-side sanitisation logic has been updated to sanitise against this type of attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0105", "scoring_system": "epss", "scoring_elements": "0.7791", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32981" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32981", "reference_id": "CVE-2024-32981", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32981" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2024-32981", "reference_id": "CVE-2024-32981", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2024-32981" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml", "reference_id": "CVE-2024-32981.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-chx7-9x8h-r5mg", "reference_id": "GHSA-chx7-9x8h-r5mg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-chx7-9x8h-r5mg" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg", "reference_id": "GHSA-chx7-9x8h-r5mg", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82195?format=api", "purl": "pkg:composer/silverstripe/framework@5.2.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16" } ], "aliases": [ "CVE-2024-32981", "GHSA-chx7-9x8h-r5mg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ky21-z2d2-sye6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51853?format=api", "vulnerability_id": "VCID-mkex-ht2r-cucz", "summary": "Files or Directories Accessible to External Parties\nIn SilverStripe, there is broken access control on files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14273", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56702", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56754", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14273" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14273", "reference_id": "CVE-2019-14273", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14273" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273", "reference_id": "CVE-2019-14273", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-14273" }, { "reference_url": "https://github.com/advisories/GHSA-43jj-2rwc-2m3f", "reference_id": "GHSA-43jj-2rwc-2m3f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-43jj-2rwc-2m3f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/215640?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a1p9-cwzb-kbgb" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aj7q-x4hc-xbdm" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-g7kn-gn2m-myc3" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h9g1-7wez-8qft" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m3us-9sft-wbh8" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-p2m9-rejx-e3e9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tsdn-bu3d-ubaf" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-yxuh-bxh5-z3cw" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54917?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aj7q-x4hc-xbdm" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-g7kn-gn2m-myc3" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h9g1-7wez-8qft" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m3us-9sft-wbh8" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-p2m9-rejx-e3e9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tsdn-bu3d-ubaf" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-yxuh-bxh5-z3cw" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/76174?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/76175?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-14273", "GHSA-43jj-2rwc-2m3f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mkex-ht2r-cucz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41545?format=api", "vulnerability_id": "VCID-n4fk-735u-2baw", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nSilverStripe Framework suffers from a XSS vulnerablity.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36150", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.5931", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00372", "scoring_system": "epss", "scoring_elements": "0.5926", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36150" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/releases" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36150", "reference_id": "CVE-2021-36150", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36150" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2021-36150", "reference_id": "CVE-2021-36150", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2021-36150" }, { "reference_url": "https://github.com/advisories/GHSA-j66h-cc96-c32q", "reference_id": "GHSA-j66h-cc96-c32q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j66h-cc96-c32q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/537575?format=api", "purl": "pkg:composer/silverstripe/framework@4.9.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/59222?format=api", "purl": "pkg:composer/silverstripe/framework@4.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0" } ], "aliases": [ "CVE-2021-36150", "GHSA-j66h-cc96-c32q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n4fk-735u-2baw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55045?format=api", "vulnerability_id": "VCID-njph-ua7r-auaq", "summary": "silverstripe/framework has Cross-site Scripting vulnerability in page name\nsilverstripe/framework is vulnerable to XSS in Page name where the payload `\"><svg/onload=alert(/xss/)>` will trigger an XSS alert.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-001-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-001-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/9574d627f95aca7ae0fcefcae2bf56215777e190", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/9574d627f95aca7ae0fcefcae2bf56215777e190" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-001" }, { "reference_url": "https://github.com/advisories/GHSA-hhvj-mcrx-3vcf", "reference_id": "GHSA-hhvj-mcrx-3vcf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hhvj-mcrx-3vcf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53317?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-3j6f-5c14-uubc" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4qjj-wqg5-dbay" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-bwrh-updj-zkfs" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h1y5-n4b7-ckg6" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" }, { "vulnerability": "VCID-znbg-16r4-6ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2" } ], "aliases": [ "GHSA-hhvj-mcrx-3vcf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-njph-ua7r-auaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51842?format=api", "vulnerability_id": "VCID-nute-ndg2-z7ev", "summary": "Cross-site Scripting\nSilverStripe has Flash Clipboard Reflected XSS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59631", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59681", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12205" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12205", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12205" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12205", "reference_id": "CVE-2019-12205", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12205" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205", "reference_id": "CVE-2019-12205", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12205" }, { "reference_url": "https://github.com/advisories/GHSA-rfvw-5848-gxc5", "reference_id": "GHSA-rfvw-5848-gxc5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rfvw-5848-gxc5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75986?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/76174?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/76175?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12205", "GHSA-rfvw-5848-gxc5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nute-ndg2-z7ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111897?format=api", "vulnerability_id": "VCID-pkve-yjqy-syc2", "summary": "SilverStripe Web Cache Poisoning through HTTPRequestBuilder\nSilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19326", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43423", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.4335", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19326" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19326", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19326" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-19326", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-19326" }, { "reference_url": "https://github.com/advisories/GHSA-q9ff-3q93-fm8m", "reference_id": "GHSA-q9ff-3q93-fm8m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q9ff-3q93-fm8m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77683?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/77688?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/77689?format=api", "purl": "pkg:composer/silverstripe/framework@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4" } ], "aliases": [ "CVE-2019-19326", "GHSA-q9ff-3q93-fm8m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pkve-yjqy-syc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39336?format=api", "vulnerability_id": "VCID-qdwg-f2bx-1bay", "summary": "Injection Vulnerability\nIn the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18049", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43781", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43711", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18049" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.exploit-db.com/exploits/43396", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/43396" }, { "reference_url": "https://www.exploit-db.com/exploits/43396/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/43396/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-007" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18049", "reference_id": "CVE-2017-18049", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18049" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/215636?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.6-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" }, { "vulnerability": "VCID-znbg-16r4-6ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54915?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/215639?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.3-rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" }, { "vulnerability": "VCID-znbg-16r4-6ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/54916?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/215640?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a1p9-cwzb-kbgb" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aj7q-x4hc-xbdm" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-g7kn-gn2m-myc3" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h9g1-7wez-8qft" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m3us-9sft-wbh8" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-p2m9-rejx-e3e9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tsdn-bu3d-ubaf" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-yxuh-bxh5-z3cw" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54917?format=api", "purl": "pkg:composer/silverstripe/framework@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aj7q-x4hc-xbdm" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-g7kn-gn2m-myc3" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h9g1-7wez-8qft" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-m3us-9sft-wbh8" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-p2m9-rejx-e3e9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tsdn-bu3d-ubaf" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-yxuh-bxh5-z3cw" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1" } ], "aliases": [ "CVE-2017-18049", "GHSA-2jvj-mhf2-g99w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qdwg-f2bx-1bay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54588?format=api", "vulnerability_id": "VCID-qmfy-dxag-uuex", "summary": "Improper Authentication\nIn SilverStripe, GraphQL does not honour MFA (multi-factor authentication) when using basic authentication.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26136", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44223", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44155", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26136" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26136", "reference_id": "CVE-2020-26136", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26136" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-26136", "reference_id": "CVE-2020-26136", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-26136" }, { "reference_url": "https://github.com/advisories/GHSA-mg2g-8pwj-r2j2", "reference_id": "GHSA-mg2g-8pwj-r2j2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mg2g-8pwj-r2j2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80966?format=api", "purl": "pkg:composer/silverstripe/framework@4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0" } ], "aliases": [ "CVE-2020-26136", "GHSA-mg2g-8pwj-r2j2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmfy-dxag-uuex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41074?format=api", "vulnerability_id": "VCID-r1eg-dwej-5kau", "summary": "Cross-Site Request Forgery (CSRF)\nCross Site Request Forgery (CSRF) Protection Bypass in GraphQL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41982", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42056", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12437" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12437", "reference_id": "CVE-2019-12437", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12437" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12437", "reference_id": "CVE-2019-12437", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12437" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75986?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" } ], "aliases": [ "CVE-2019-12437", "GHSA-fx37-56v6-85q6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r1eg-dwej-5kau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41544?format=api", "vulnerability_id": "VCID-sg62-98yy-2kd7", "summary": "Incorrect Authorization\nDefault SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37842", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37751", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28661" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/releases" }, { "reference_url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28661", "reference_id": "CVE-2021-28661", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28661" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2021-28661", "reference_id": "CVE-2021-28661", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2021-28661" }, { "reference_url": "https://github.com/advisories/GHSA-r7rh-g777-g5gx", "reference_id": "GHSA-r7rh-g777-g5gx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r7rh-g777-g5gx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53317?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-3j6f-5c14-uubc" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4qjj-wqg5-dbay" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-bwrh-updj-zkfs" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h1y5-n4b7-ckg6" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" }, { "vulnerability": "VCID-znbg-16r4-6ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2" } ], "aliases": [ "CVE-2021-28661", "GHSA-r7rh-g777-g5gx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sg62-98yy-2kd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54583?format=api", "vulnerability_id": "VCID-tv7h-289s-xub4", "summary": "Improper Restriction of XML External Entity Reference\nSilverStripe has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25817", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.5767", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57618", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25817" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2021-25817", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2021-25817" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25817", "reference_id": "CVE-2020-25817", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25817" }, { "reference_url": "https://github.com/advisories/GHSA-3vjc-5x79-m9r8", "reference_id": "GHSA-3vjc-5x79-m9r8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3vjc-5x79-m9r8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80966?format=api", "purl": "pkg:composer/silverstripe/framework@4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/148355?format=api", "purl": "pkg:composer/silverstripe/framework@4.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4" } ], "aliases": [ "CVE-2020-25817", "GHSA-3vjc-5x79-m9r8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tv7h-289s-xub4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52799?format=api", "vulnerability_id": "VCID-umhc-fdfh-1fdx", "summary": "Cross-site Scripting\nIn SilverStripe, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57206", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57155", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9311" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-cms" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-9311", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-9311" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9311", "reference_id": "CVE-2020-9311", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9311" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2020-9311", "reference_id": "CVE-2020-9311", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2020-9311" }, { "reference_url": "https://github.com/advisories/GHSA-2pw2-qpcp-m47x", "reference_id": "GHSA-2pw2-qpcp-m47x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2pw2-qpcp-m47x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77683?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5" } ], "aliases": [ "CVE-2020-9311", "GHSA-2pw2-qpcp-m47x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-umhc-fdfh-1fdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110076?format=api", "vulnerability_id": "VCID-uy47-3s8a-hbdn", "summary": "Silverstipe CMS Stored XSS in custom meta tags\nA malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut.\nThis requires CMS access to exploit.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37421", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55551", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55495", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37421" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37421", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37421" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2022-37421", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2022-37421" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2022-37421", "reference_id": "CVE-2022-37421", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2022-37421" }, { "reference_url": "https://github.com/advisories/GHSA-pp74-g2q5-j4jf", "reference_id": "GHSA-pp74-g2q5-j4jf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pp74-g2q5-j4jf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/504775?format=api", "purl": "pkg:composer/silverstripe/framework@4.11.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.3" } ], "aliases": [ "CVE-2022-37421", "GHSA-pp74-g2q5-j4jf", "GMS-2022-6855" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uy47-3s8a-hbdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54582?format=api", "vulnerability_id": "VCID-wgdv-etcq-3qhw", "summary": "Improper Input Validation\nIn SilverStripe, a FormField with square brackets in the field name skips validation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52854", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52915", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26138" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26138", "reference_id": "CVE-2020-26138", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26138" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138", "reference_id": "CVE-2020-26138", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138/", "reference_id": "CVE-2020-26138", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2020-26138/" }, { "reference_url": "https://github.com/advisories/GHSA-7mv4-4xpg-xq44", "reference_id": "GHSA-7mv4-4xpg-xq44", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7mv4-4xpg-xq44" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80966?format=api", "purl": "pkg:composer/silverstripe/framework@4.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/148355?format=api", "purl": "pkg:composer/silverstripe/framework@4.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4" } ], "aliases": [ "CVE-2020-26138", "GHSA-7mv4-4xpg-xq44" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wgdv-etcq-3qhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52274?format=api", "vulnerability_id": "VCID-xg74-3h1h-kqaf", "summary": "Uncontrolled Resource Consumption\nSilverStripe allows a Denial of Service on flush and development URL tools.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12246", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36088", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.35994", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12246" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab" }, { "reference_url": "https://www.silverstripe.org/blog/tag/release", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/blog/tag/release" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12246", "reference_id": "CVE-2019-12246", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12246" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12246", "reference_id": "CVE-2019-12246", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12246" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75986?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/76173?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0" } ], "aliases": [ "CVE-2019-12246", "GHSA-5fr8-xhqq-4p3q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xg74-3h1h-kqaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51847?format=api", "vulnerability_id": "VCID-y8et-m846-2fc6", "summary": "Information Exposure\nSilverStripe has incorrect access control for protected files uploaded via `Upload::loadIntoFile()`. An attacker may be able to guess a filename in `silverstripe/assets` via the `AssetControlExtension`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49005", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.49066", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12245" }, { "reference_url": "https://forum.silverstripe.org/c/releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.silverstripe.org/c/releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12245", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12245" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245/", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/cve-2019-12245/" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245", "reference_id": "CVE-2019-12245", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/CVE-2019-12245" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml", "reference_id": "CVE-2019-12245.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-jvx5-rm6q-gx7p", "reference_id": "GHSA-jvx5-rm6q-gx7p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jvx5-rm6q-gx7p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/144275?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/144274?format=api", "purl": "pkg:composer/silverstripe/framework@3.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/75986?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nzcm-xbxx-wyf9" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/144279?format=api", "purl": "pkg:composer/silverstripe/framework@4.3.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/76175?format=api", "purl": "pkg:composer/silverstripe/framework@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-24a5-ruc4-bycq" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-5dt7-nc8t-nqgh" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7gak-15m5-j3f5" }, { "vulnerability": "VCID-7w7t-3783-1kbs" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9t4k-8hsz-bfdw" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-ca4q-xd4v-vqfe" }, { "vulnerability": "VCID-fmfu-81xu-pfdy" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-ru3j-21j8-ayhm" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xm4q-u96p-57dd" }, { "vulnerability": "VCID-ytbc-8mhd-b3fc" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4" } ], "aliases": [ "CVE-2019-12245", "GHSA-jvx5-rm6q-gx7p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y8et-m846-2fc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45062?format=api", "vulnerability_id": "VCID-zdge-zsmz-8ud9", "summary": "Missing Authorization\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1724", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17318", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22728" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/cve-2023-22728", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/cve-2023-22728" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22728", "reference_id": "CVE-2023-22728", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22728" }, { "reference_url": "https://github.com/advisories/GHSA-jh3w-6jp2-vqqm", "reference_id": "GHSA-jh3w-6jp2-vqqm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jh3w-6jp2-vqqm" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm", "reference_id": "GHSA-jh3w-6jp2-vqqm", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/" } ], "url": "https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64977?format=api", "purl": "pkg:composer/silverstripe/framework@4.12.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-2hk2-hzyh-wbhf" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5" } ], "aliases": [ "CVE-2023-22728", "GHSA-jh3w-6jp2-vqqm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zdge-zsmz-8ud9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55037?format=api", "vulnerability_id": "VCID-znbg-16r4-6ybg", "summary": "silverstripe/framework's User-Agent header not correctly invalidating user session\nA security protection device in Session designed to protect session hijacking was not correctly functioning. This function intended to protect user sessions by detecting changes in the User-Agent header, but modifications to this header were not correctly invalidating the user session.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-006-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-006-1.yaml" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/44de03da0147e6094b02602b7b73d5b1a1306d78", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/44de03da0147e6094b02602b7b73d5b1a1306d78" }, { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/d47667bb0768841e4b305fa95d5a4e2ba232c4ad", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/silverstripe/silverstripe-framework/commit/d47667bb0768841e4b305fa95d5a4e2ba232c4ad" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-006" }, { "reference_url": "https://github.com/advisories/GHSA-4qx8-j9vh-2628", "reference_id": "GHSA-4qx8-j9vh-2628", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4qx8-j9vh-2628" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54915?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/54916?format=api", "purl": "pkg:composer/silverstripe/framework@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-hq36-9ntc-akez" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-u9e7-1zhg-mygt" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3" } ], "aliases": [ "GHSA-4qx8-j9vh-2628" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znbg-16r4-6ybg" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38498?format=api", "vulnerability_id": "VCID-c6bz-jwhm-vkgp", "summary": "Cross-site Scripting\nThere is an XSS in SilverStripe CMS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.5014", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50201", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5197" }, { "reference_url": "https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572" }, { "reference_url": "https://www.silverstripe.org/download/security-releases", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.silverstripe.org/download/security-releases" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/" }, { "reference_url": "http://www.securityfocus.com/bid/96572", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96572" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5197", "reference_id": "CVE-2017-5197", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5197" }, { "reference_url": "https://github.com/advisories/GHSA-xmjh-wjc5-wg4h", "reference_id": "GHSA-xmjh-wjc5-wg4h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xmjh-wjc5-wg4h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53251?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-3j6f-5c14-uubc" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4qjj-wqg5-dbay" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-bwrh-updj-zkfs" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-njph-ua7r-auaq" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53316?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-3j6f-5c14-uubc" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4qjj-wqg5-dbay" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-bwrh-updj-zkfs" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/53252?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-3j6f-5c14-uubc" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4qjj-wqg5-dbay" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-bwrh-updj-zkfs" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h1y5-n4b7-ckg6" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-njph-ua7r-auaq" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" }, { "vulnerability": "VCID-znbg-16r4-6ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53317?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-3j6f-5c14-uubc" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4qjj-wqg5-dbay" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-bwrh-updj-zkfs" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h1y5-n4b7-ckg6" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" }, { "vulnerability": "VCID-znbg-16r4-6ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2" } ], "aliases": [ "CVE-2017-5197", "GHSA-xmjh-wjc5-wg4h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c6bz-jwhm-vkgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38467?format=api", "vulnerability_id": "VCID-t81f-5b8z-hyht", "summary": "XSS In page name\nSilverStripe is vulnerable to XSS via the page name. For instance, page name `\"><svg/onload=alert(/xss/)>` will trigger an XSS alert.", "references": [ { "reference_url": "https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d" }, { "reference_url": "https://www.silverstripe.org/download/security-releases/ss-2017-001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.silverstripe.org/download/security-releases/ss-2017-001/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53251?format=api", "purl": "pkg:composer/silverstripe/framework@3.4.4-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-3j6f-5c14-uubc" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4qjj-wqg5-dbay" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-bwrh-updj-zkfs" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-njph-ua7r-auaq" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53252?format=api", "purl": "pkg:composer/silverstripe/framework@3.5.2-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11sx-j3x7-gkcr" }, { "vulnerability": "VCID-1mmc-91gk-r3d3" }, { "vulnerability": "VCID-1p79-328x-sueq" }, { "vulnerability": "VCID-37d1-tt74-yyfm" }, { "vulnerability": "VCID-3j6f-5c14-uubc" }, { "vulnerability": "VCID-3x46-q9cb-7ubg" }, { "vulnerability": "VCID-4qjj-wqg5-dbay" }, { "vulnerability": "VCID-5cfa-whq6-9ucp" }, { "vulnerability": "VCID-79qx-v5uu-jyf2" }, { "vulnerability": "VCID-7hxq-cp29-r7dh" }, { "vulnerability": "VCID-86vg-4j71-hkgr" }, { "vulnerability": "VCID-8u5c-6vx3-mfcr" }, { "vulnerability": "VCID-9y5u-qyzd-3ud9" }, { "vulnerability": "VCID-a7cf-kpzy-xudd" }, { "vulnerability": "VCID-aygc-4nhm-n7eq" }, { "vulnerability": "VCID-b6nm-cphj-wfgw" }, { "vulnerability": "VCID-b95v-49p7-fkas" }, { "vulnerability": "VCID-bwrh-updj-zkfs" }, { "vulnerability": "VCID-cmwn-cjff-9qau" }, { "vulnerability": "VCID-fm87-te3v-pkc8" }, { "vulnerability": "VCID-gnpw-s9hp-wqfs" }, { "vulnerability": "VCID-h1y5-n4b7-ckg6" }, { "vulnerability": "VCID-hcuz-gz3w-97ew" }, { "vulnerability": "VCID-k46z-g6jp-57ek" }, { "vulnerability": "VCID-ky21-z2d2-sye6" }, { "vulnerability": "VCID-mkex-ht2r-cucz" }, { "vulnerability": "VCID-n4fk-735u-2baw" }, { "vulnerability": "VCID-njph-ua7r-auaq" }, { "vulnerability": "VCID-nute-ndg2-z7ev" }, { "vulnerability": "VCID-pkve-yjqy-syc2" }, { "vulnerability": "VCID-qdwg-f2bx-1bay" }, { "vulnerability": "VCID-qmfy-dxag-uuex" }, { "vulnerability": "VCID-r1eg-dwej-5kau" }, { "vulnerability": "VCID-sg62-98yy-2kd7" }, { "vulnerability": "VCID-tv7h-289s-xub4" }, { "vulnerability": "VCID-umhc-fdfh-1fdx" }, { "vulnerability": "VCID-uy47-3s8a-hbdn" }, { "vulnerability": "VCID-wgdv-etcq-3qhw" }, { "vulnerability": "VCID-xg74-3h1h-kqaf" }, { "vulnerability": "VCID-y8et-m846-2fc6" }, { "vulnerability": "VCID-zdge-zsmz-8ud9" }, { "vulnerability": "VCID-znbg-16r4-6ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1" } ], "aliases": [ "SS-2017-001" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t81f-5b8z-hyht" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1" }