Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/silverstripe/framework@3.3.0-alpha
purl pkg:composer/silverstripe/framework@3.3.0-alpha
Tags Ghost
Next non-vulnerable version 5.3.23
Latest non-vulnerable version 6.0.0-alpha1
Risk
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-6e1y-7jj8-a7cw
Aliases:
SS-2016-004
XSS in CMS Edit Page Due to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an attack.
3.3.2-rc1
Affected by 55 other vulnerabilities.
3.3.2
Affected by 53 other vulnerabilities.
VCID-7me4-ggep-sbhj
Aliases:
SS-2016-006
Missing CSRF protection in login form `LoginForm` calls `disableSecurityToken()`, which causes a "shared host domain" vulnerability.
3.3.2-rc1
Affected by 55 other vulnerabilities.
3.3.2
Affected by 53 other vulnerabilities.
VCID-km94-727n-nfa6
Aliases:
SS-2015-029
CSRF vulnerability in savetreenodes `savetreenode` action does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites.
3.3.2-rc1
Affected by 55 other vulnerabilities.
3.3.2
Affected by 53 other vulnerabilities.
VCID-ku6h-zhz1-8ydr
Aliases:
SS-2016-005
Brute force bypass on default admin Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.
3.3.2-rc1
Affected by 55 other vulnerabilities.
3.3.2
Affected by 53 other vulnerabilities.
VCID-ud6e-smr7-vffw
Aliases:
SS-2016-001
XSS in CMSController BackURL A XSS risk exists in the returnURL parameter passed to CMSSecurity/success. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site.
3.3.2-rc1
Affected by 55 other vulnerabilities.
3.3.2
Affected by 53 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-30T20:52:26.242617+00:00 GitLab Importer Affected by VCID-km94-727n-nfa6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/framework/SS-2015-029.yml 38.6.0
2026-05-30T20:52:26.160208+00:00 GitLab Importer Affected by VCID-7me4-ggep-sbhj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/framework/SS-2016-006.yml 38.6.0
2026-05-30T20:52:26.069542+00:00 GitLab Importer Affected by VCID-6e1y-7jj8-a7cw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/framework/SS-2016-004.yml 38.6.0
2026-05-30T20:52:25.981137+00:00 GitLab Importer Affected by VCID-ud6e-smr7-vffw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/framework/SS-2016-001.yml 38.6.0
2026-05-30T20:52:25.886723+00:00 GitLab Importer Affected by VCID-ku6h-zhz1-8ydr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/framework/SS-2016-005.yml 38.6.0