Search for packages
| purl | pkg:composer/silverstripe/framework@3.4.0-alpha0 |
| Tags | Ghost |
| Next non-vulnerable version | 5.3.23 |
| Latest non-vulnerable version | 6.0.0-alpha1 |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-8wbx-bvm9-jqcv
Aliases: SS-2016-011 |
ChangePasswordForm doesn't check Member::canLogIn() After performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses. |
Affected by 0 other vulnerabilities. Affected by 26 other vulnerabilities. |
|
VCID-dx5f-g875-5bct
Aliases: SS-2016-014 |
Pre-existing alc_enc cookies log users in if remember me is disabled If remember me is on and users log in with the box checked, if the developer then disabled "remember me" function, any pre-existing cookies will continue to authenticate users. |
Affected by 43 other vulnerabilities. Affected by 26 other vulnerabilities. |
|
VCID-hgkh-tcdc-ufd5
Aliases: SS-2016-012 |
Missing ACL on reports The `SS_Report`, and the reports CMS section only checks `canView()` when listing the reports that can be viewed by the current user. It does not (and should) perform `canView` checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report. |
Affected by 43 other vulnerabilities. Affected by 26 other vulnerabilities. |
|
VCID-k7bb-y315-4qb6
Aliases: SS-2016-015 |
XSS In OptionsetField and CheckboxSetField List of key / value pairs assigned to `OptionsetField` or `CheckboxSetField` do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML. |
Affected by 43 other vulnerabilities. Affected by 26 other vulnerabilities. |
|
VCID-p52e-s67u-eya7
Aliases: SS-2016-013 |
Member.Name isn't escaped The core template `framework/templates/Includes/GridField_print.ss` uses "Printed by $Member.Name". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because `Member->getName()` just returns the raw `FirstName + Surname` as a string, which is injected directly. |
Affected by 43 other vulnerabilities. Affected by 26 other vulnerabilities. |
|
VCID-vtva-utdn-jkce
Aliases: SS-2016-007 |
VersionedRequestFilter vulnerability A cross-site scripting vulnerability in `VersionedRequestFilter` has been found. If an incoming user request should not be able to access the requested stage, an error message is created for display on the CMS login page that they are redirected to. In this error message, the URL of the requested page is interpolated into the error message without being escaped; hence, arbitrary HTML can be injected into the CMS login page. |
Affected by 43 other vulnerabilities. Affected by 26 other vulnerabilities. |
|
VCID-wrnm-d19b-hqby
Aliases: SS-2016-008 |
Password encryption salt expiry When a user changes their password, the internal salt used for hashing their password is not updated. |
Affected by 43 other vulnerabilities. Affected by 26 other vulnerabilities. |
|
VCID-z7fk-zbvh-quew
Aliases: SS-2016-016 |
XSS In CMSSecurity BackURL In follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL. |
Affected by 39 other vulnerabilities. |
|
VCID-zxmh-xcvd-53fe
Aliases: SS-2016-010 |
ReadOnly transformation for formfields exploitable Form fields returning `isReadonly()` as true are vulnerable to reflected XSS injections. This includes `ReadonlyField`, `LookupField`, `HTMLReadonlyField`, as well as special purpose fields like `TimeField_Readonly`. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and does not overwrite data on form construction. Readonly and disabled form fields are already filtered out in `saveInto()`, so maliciously submitted data on these fields does not make it into the database unless you are accessing form values directly in your saving logic. |
Affected by 39 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||