Search for packages
| purl | pkg:composer/silverstripe/cms@3.1.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2f9j-ek3x-kbc5
Aliases: CVE-2020-9311 GHSA-2pw2-qpcp-m47x |
Silverstripe CMS XSS Vulnerability In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs. |
Affected by 1 other vulnerability. |
|
VCID-658d-vmwt-f7e8
Aliases: CVE-2019-12204 GHSA-cg8j-8w52-735v |
Missing warning can lead to unauthenticated admin access in SilverStripe In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access. |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-77at-thqm-c3bg
Aliases: GHSA-r97r-64vp-fghm |
Silverstripe XSS vulnerability via VirtualPage A cross-site scripting vulnerability has been discovered in the VirtualPage class. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the textfields of a page which a VirtualPage refers to. This has been resolved by ensuring that VirtualPage safely escapes all field content. |
Affected by 15 other vulnerabilities. |
|
VCID-agbu-v7vd-fyc8
Aliases: SS-2016-003 |
Hostname, IP and Protocol Spoofing through HTTP Headers In it's default configuration, SilverStripe trusts all originating IPs to include HTTP headers for Hostname, IP and Protocol. This enables reverse proxies to forward requests while still retaining the original request information. Trusted IPs can be limited via the `SS_TRUSTED_PROXY_IPS` constant. Even with this restriction in place, SilverStripe trusts a variety of HTTP headers due to different proxy notations (e.g. `X-Forwarded-For` vs. `Client-IP`). Unless a proxy explicitly unsets invalid HTTP headers from connecting clients, this can lead to spoofing requests being passed through trusted proxies. The impact of spoofed headers can include `Director::forceSSL()` not being enforced, SS_HTTPRequest->getIP() returning a wrong IP (disabling any IP restrictions), and spoofed hostnames circumventing any hostname-specific restrictions enforced in SilverStripe Controllers. Regardless on running a reverse proxy in your hosting infrastructure, please follow the instructions on Secure Coding: Request hostname forgery in order to opt-in to these protections. If your website is not behind a reverse proxy, you might already be protected if using Apache with mod_env enabled, and you have the following line in your .htaccess file: `SetEnv BlockUntrustedIPs true`. |
Affected by 8 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-c3vp-kc9a-vkhn
Aliases: CVE-2017-14498 GHSA-j696-6m57-mcrv |
Cross-site Scripting SilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname. |
Affected by 4 other vulnerabilities. |
|
VCID-g366-c4n9-vfcs
Aliases: CVE-2020-9309 GHSA-h77w-655f-6j3m |
Silverstripe CMS malicious file upload enables script execution Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Uploads stored as protected or draft files are allowed by default for authorised users only, but can also be enabled through custom logic as well as modules such as silverstripe/userforms. Sites using the previously optional silverstripe/mimevalidator module can configure MIME whitelists rather than extension whitelists, and hence prevent this issue. Sites on the Common Web Platform (CWP) use this module by default, and are not affected. |
Affected by 1 other vulnerability. |
|
VCID-gme6-wj87-ekfw
Aliases: CVE-2020-6164 GHSA-gm5x-hpmw-xpxg |
Silverstripe CMS information disclosure In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side-effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page). |
Affected by 1 other vulnerability. |
|
VCID-j6ze-f76y-cqgy
Aliases: CVE-2017-5197 GHSA-xmjh-wjc5-wg4h |
Cross-site Scripting There is an XSS in SilverStripe CMS. |
Affected by 6 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-jdyv-jdju-kbb2
Aliases: CVE-2015-8606 GHSA-gvc8-xjfp-6569 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm. |
Affected by 11 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-kdyk-rrrr-pufw
Aliases: CVE-2017-12849 GHSA-fwhr-g5r4-xgxf |
Information Exposure Response discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack. |
Affected by 5 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-kz63-ftzc-tudk
Aliases: CVE-2015-5062 GHSA-fh35-p8ph-p545 |
Silverstripe CMS Open Redirect Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build. |
Affected by 12 other vulnerabilities. |
|
VCID-mr46-bvjx-n7ar
Aliases: SS-2015-028 |
Missing security check on dev/build/defaults The `buildDefaults` method on `DevelopmentAdmin` is missing a permission check. In live mode, if you access /dev/build, you are requested to login first. However, if you access /dev/build/defaults, then the action is performed without any login check. This should be protected in the same way that /dev/build is. The `buildDefaults` view is `requireDefaultRecords()` on each `DataObject` class, and hence has the potential to modify database state. It also lists all modified tables, allowing attackers more insight into which modules are used, and how the database tables are structured. |
Affected by 8 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-qdtk-twxp-2kbv
Aliases: SS-2015-008-1 |
Incorrect Permission Assignment for Critical Resource SiteTree Creation Permission Vulnerability in silverstripe. |
Affected by 13 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-qjey-bhrt-kud4
Aliases: SS-2016-002 |
CSRF vulnerability in GridFieldAddExistingAutocompleter GridField does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites. Amongst other default CMS interfaces, GridField is used for management of groups, users and permissions in the CMS. |
Affected by 8 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-rbft-1w3r-3ub7
Aliases: GHSA-3mm9-2p44-rw39 |
Silverstripe SiteTree Creation Permission Vulnerability A vulnerability exists in the permission validation for SiteTree object creation. By default user permissions are not validated by the SiteTree::canCreate method, unless overridden by user code or via the configuration system. This vulnerability will allow users, or unauthenticated guests, to create new SiteTree objects in the database. This vulnerability is present when such users are given CMS access via other means, or if there is another mechanism (such as RestfulServer module) which allows model editing and relies on model-level permission checks. This vulnerability is restricted to the creation of draft or live pages, and does not allow users to edit, publish, or unpublish existing pages. All users should upgrade as soon as possible. |
Affected by 13 other vulnerabilities. |
|
VCID-s244-c4bb-qqd3
Aliases: SS-2015-005-1 |
Cross-site Scripting VirtualPage XSS in silverstripe. |
Affected by 17 other vulnerabilities. Affected by 15 other vulnerabilities. |
|
VCID-t1eq-bsbe-77ht
Aliases: GHSA-6hh6-59j2-qrxw |
Silverstripe History XSS Vulnerability A cross-site scripting vulnerability has been discovered in the CMS page history tab. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the text fields on a page, and if the "compare mode" option is selected. The HTML will be embedded into the page unescaped. This has been resolved by performing the text comparison in a HTML friendly way. |
Affected by 15 other vulnerabilities. |
|
VCID-wpu5-3h5v-wuhj
Aliases: SS-2015-023 |
Advanced workflow member field exposure By default, the CMS Admin editable template for the NotifyUsers action has access to a large number of fields, including (for instance) `Member#Password`. This would allow a malicious CMS Admin to extract other admin passwords by adding a template emailing these fields to themselves when other admins trigger the workflow. A new configuration option has been added; when this option is set to `true` via the Config API then only member fields specified via `Member.summary_fields` may be accessed. |
Affected by 7 other vulnerabilities. Affected by 10 other vulnerabilities. |
|
VCID-zqu9-qfx1-sbcu
Aliases: SS-2015-003-1 |
Cross-site Scripting History XSS Vulnerability in silverstripe. |
Affected by 17 other vulnerabilities. Affected by 15 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||