VulnerableCode Package Details - pkg:composer/silverstripe/assets@1.11.0-rc1

Search for packages

Vulnerability	Summary	Fixed by
VCID-ftdr-uzuh-8ybc Aliases: CVE-2022-38724 GHSA-9cx2-hj6m-fv58 GMS-2022-6853 GMS-2022-6856	Silverstripe XSS in shortcodes A malicious content author could add arbitrary attributes to HTML editor shortcodes which could be used to inject a JavaScript payload on the front end of the site. The shortcode providers that ship with Silverstripe CMS have been reviewed and attribute whitelists have been implemented where appropriate to negate this risk.	1.11.1 Affected by 0 other vulnerabilities.
VCID-mhey-g1u8-wbbv Aliases: CVE-2022-38147 GHSA-vv3r-fxqp-vr3f GMS-2022-6854	XSS via uploaded gpx file A malicious content author could upload a GPX file with a Javascript payload. The payload could then be executed by luring a legitimate user to view the file in a browser with support for GPX files. GPX is an XML-based format used to store GPS data. By default, Silverstripe CMS will no longer allow GPX files to be uploaded to the assets area.	1.11.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-ftdr-uzuh-8ybc
Aliases:
CVE-2022-38724
GHSA-9cx2-hj6m-fv58
GMS-2022-6853
GMS-2022-6856

Silverstripe XSS in shortcodes A malicious content author could add arbitrary attributes to HTML editor shortcodes which could be used to inject a JavaScript payload on the front end of the site. The shortcode providers that ship with Silverstripe CMS have been reviewed and attribute whitelists have been implemented where appropriate to negate this risk.

1.11.1
Affected by 0 other vulnerabilities.

VCID-mhey-g1u8-wbbv
Aliases:
CVE-2022-38147
GHSA-vv3r-fxqp-vr3f
GMS-2022-6854

XSS via uploaded gpx file A malicious content author could upload a GPX file with a Javascript payload. The payload could then be executed by luring a legitimate user to view the file in a browser with support for GPX files. GPX is an XML-based format used to store GPS data. By default, Silverstripe CMS will no longer allow GPX files to be uploaded to the assets area.

1.11.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:16:09.555490+00:00	GitLab Importer	Affected by	VCID-ftdr-uzuh-8ybc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/assets/GMS-2022-6853.yml	38.4.0
2026-04-16T22:16:01.832899+00:00	GitLab Importer	Affected by	VCID-mhey-g1u8-wbbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/assets/GMS-2022-6854.yml	38.4.0
2026-04-11T23:33:25.784264+00:00	GitLab Importer	Affected by	VCID-ftdr-uzuh-8ybc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/assets/GMS-2022-6853.yml	38.3.0
2026-04-11T23:33:17.639996+00:00	GitLab Importer	Affected by	VCID-mhey-g1u8-wbbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/assets/GMS-2022-6854.yml	38.3.0
2026-04-05T02:28:39.806693+00:00	GitLab Importer	Affected by	VCID-ftdr-uzuh-8ybc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/assets/GMS-2022-6853.yml	38.1.0
2026-04-05T02:28:32.608135+00:00	GitLab Importer	Affected by	VCID-mhey-g1u8-wbbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/assets/GMS-2022-6854.yml	38.1.0