Lookup for vulnerable packages by Package URL.
| Purl | pkg:composer/silverstripe/assets@1.11.0-beta1 |
|---|
| Type | composer |
|---|
| Namespace | silverstripe |
|---|
| Name | assets |
|---|
| Version | 1.11.0-beta1 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | true |
|---|
| Next_non_vulnerable_version | 1.11.1 |
|---|
| Latest_non_vulnerable_version | 3.1.3 |
|---|
| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-ftdr-uzuh-8ybc |
| vulnerability_id |
VCID-ftdr-uzuh-8ybc |
| summary |
Silverstripe XSS in shortcodes
A malicious content author could add arbitrary attributes to HTML editor shortcodes which could be used to inject a JavaScript payload on the front end of the site. The shortcode providers that ship with Silverstripe CMS have been reviewed and attribute whitelists have been implemented where appropriate to negate this risk. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-38724 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55232 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55253 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55275 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55208 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55271 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55233 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55251 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55272 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.5526 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55259 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.5521 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-38724 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-38724, GHSA-9cx2-hj6m-fv58, GMS-2022-6853, GMS-2022-6856
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ftdr-uzuh-8ybc |
|
| 1 |
| url |
VCID-mhey-g1u8-wbbv |
| vulnerability_id |
VCID-mhey-g1u8-wbbv |
| summary |
XSS via uploaded gpx file
A malicious content author could upload a GPX file with a Javascript payload. The payload could then be executed by luring a legitimate user to view the file in a browser with support for GPX files. GPX is an XML-based format used to store GPS data.
By default, Silverstripe CMS will no longer allow GPX files to be uploaded to the assets area. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-38147 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55232 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55253 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55275 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55208 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55271 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55233 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55251 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55272 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.5526 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55259 |
| published_at |
2026-04-08T12:55:00Z |
|
| 10 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.5521 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-38147 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-38147, GHSA-vv3r-fxqp-vr3f, GMS-2022-6854
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mhey-g1u8-wbbv |
|
|
|---|
| Fixing_vulnerabilities |
|
|---|
| Risk_score | 3.1 |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/assets@1.11.0-beta1 |
|---|