VulnerableCode Package Details - pkg:composer/silverstripe/assets@1.11.1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-ftdr-uzuh-8ybc	Silverstripe XSS in shortcodes A malicious content author could add arbitrary attributes to HTML editor shortcodes which could be used to inject a JavaScript payload on the front end of the site. The shortcode providers that ship with Silverstripe CMS have been reviewed and attribute whitelists have been implemented where appropriate to negate this risk.	CVE-2022-38724 GHSA-9cx2-hj6m-fv58 GMS-2022-6853 GMS-2022-6856
VCID-mhey-g1u8-wbbv	XSS via uploaded gpx file A malicious content author could upload a GPX file with a Javascript payload. The payload could then be executed by luring a legitimate user to view the file in a browser with support for GPX files. GPX is an XML-based format used to store GPS data. By default, Silverstripe CMS will no longer allow GPX files to be uploaded to the assets area.	CVE-2022-38147 GHSA-vv3r-fxqp-vr3f GMS-2022-6854

Vulnerability

Summary

Aliases

VCID-ftdr-uzuh-8ybc

Silverstripe XSS in shortcodes A malicious content author could add arbitrary attributes to HTML editor shortcodes which could be used to inject a JavaScript payload on the front end of the site. The shortcode providers that ship with Silverstripe CMS have been reviewed and attribute whitelists have been implemented where appropriate to negate this risk.

CVE-2022-38724
GHSA-9cx2-hj6m-fv58
GMS-2022-6853
GMS-2022-6856

VCID-mhey-g1u8-wbbv

XSS via uploaded gpx file A malicious content author could upload a GPX file with a Javascript payload. The payload could then be executed by luring a legitimate user to view the file in a browser with support for GPX files. GPX is an XML-based format used to store GPS data. By default, Silverstripe CMS will no longer allow GPX files to be uploaded to the assets area.

CVE-2022-38147
GHSA-vv3r-fxqp-vr3f
GMS-2022-6854

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:16:09.562353+00:00	GitLab Importer	Fixing	VCID-ftdr-uzuh-8ybc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/assets/GMS-2022-6853.yml	38.4.0
2026-04-16T22:16:01.839526+00:00	GitLab Importer	Fixing	VCID-mhey-g1u8-wbbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/assets/GMS-2022-6854.yml	38.4.0
2026-04-11T23:33:25.791125+00:00	GitLab Importer	Fixing	VCID-ftdr-uzuh-8ybc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/assets/GMS-2022-6853.yml	38.3.0
2026-04-11T23:33:17.647453+00:00	GitLab Importer	Fixing	VCID-mhey-g1u8-wbbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/assets/GMS-2022-6854.yml	38.3.0
2026-04-03T21:28:23.242684+00:00	GitLab Importer	Fixing	VCID-ftdr-uzuh-8ybc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/assets/GMS-2022-6853.yml	38.1.0
2026-04-03T21:28:22.408395+00:00	GitLab Importer	Fixing	VCID-mhey-g1u8-wbbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/assets/GMS-2022-6854.yml	38.1.0
2026-04-01T16:04:10.116773+00:00	GHSA Importer	Fixing	VCID-ftdr-uzuh-8ybc	https://github.com/advisories/GHSA-9cx2-hj6m-fv58	38.0.0
2026-04-01T16:04:10.085902+00:00	GHSA Importer	Fixing	VCID-mhey-g1u8-wbbv	https://github.com/advisories/GHSA-vv3r-fxqp-vr3f	38.0.0
2026-04-01T13:07:09.872184+00:00	GithubOSV Importer	Fixing	VCID-mhey-g1u8-wbbv	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-vv3r-fxqp-vr3f/GHSA-vv3r-fxqp-vr3f.json	38.0.0
2026-04-01T13:07:04.829275+00:00	GithubOSV Importer	Fixing	VCID-ftdr-uzuh-8ybc	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-9cx2-hj6m-fv58/GHSA-9cx2-hj6m-fv58.json	38.0.0