Search for packages
| purl | pkg:composer/silverstripe/framework@3.5.5-beta1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1mmc-91gk-r3d3
Aliases: CVE-2019-5715 GHSA-wvfw-w3x6-g526 |
SilverStripe allowss Reflected SQL Injection through Form and `DataObject`. |
Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 10 other vulnerabilities. |
|
VCID-7hxq-cp29-r7dh
Aliases: CVE-2019-14272 GHSA-jgw2-f5mx-rg7h |
Cross-site Scripting In SilverStripe asset-admin, there is XSS in file titles managed through the CMS. |
Affected by 10 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-b6nm-cphj-wfgw
Aliases: CVE-2019-12617 GHSA-6r58-4xgr-gm6m |
Improper Privilege Management In SilverStripe, there is access escalation for CMS users with limited access through permission cache pollution. |
Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-cmwn-cjff-9qau
Aliases: CVE-2019-12203 GHSA-w7r7-r8r9-vrg2 |
Session Fixation SilverStripe allows session fixation in the "change password" form. |
Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-mkex-ht2r-cucz
Aliases: CVE-2019-14273 GHSA-43jj-2rwc-2m3f |
Files or Directories Accessible to External Parties In SilverStripe, there is broken access control on files. |
Affected by 10 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-nute-ndg2-z7ev
Aliases: CVE-2019-12205 GHSA-rfvw-5848-gxc5 |
Cross-site Scripting SilverStripe has Flash Clipboard Reflected XSS. |
Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-qdwg-f2bx-1bay
Aliases: CVE-2017-18049 GHSA-2jvj-mhf2-g99w |
Injection Vulnerability In the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software. |
Affected by 10 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 10 other vulnerabilities. |
|
VCID-r1eg-dwej-5kau
Aliases: CVE-2019-12437 GHSA-fx37-56v6-85q6 |
Cross-Site Request Forgery (CSRF) Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL. |
Affected by 3 other vulnerabilities. |
|
VCID-umhc-fdfh-1fdx
Aliases: CVE-2020-9311 GHSA-2pw2-qpcp-m47x |
Cross-site Scripting In SilverStripe, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs. |
Affected by 0 other vulnerabilities. |
|
VCID-xg74-3h1h-kqaf
Aliases: CVE-2019-12246 GHSA-5fr8-xhqq-4p3q |
Uncontrolled Resource Consumption SilverStripe allows a Denial of Service on flush and development URL tools. |
Affected by 3 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-y8et-m846-2fc6
Aliases: CVE-2019-12245 GHSA-jvx5-rm6q-gx7p |
Information Exposure SilverStripe has incorrect access control for protected files uploaded via `Upload::loadIntoFile()`. An attacker may be able to guess a filename in `silverstripe/assets` via the `AssetControlExtension`. |
Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3x46-q9cb-7ubg | Information Exposure Response discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack. |
CVE-2017-12849
GHSA-fwhr-g5r4-xgxf |