| purl | pkg:composer/silverstripe/framework@3.6.0-beta2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-1mmc-91gk-r3d3 Aliases: CVE-2019-5715 GHSA-wvfw-w3x6-g526 | SilverStripe allows Reflected SQL Injection through Form and `DataObject`. | Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 10 other vulnerabilities. |
| VCID-7hxq-cp29-r7dh Aliases: CVE-2019-14272 GHSA-jgw2-f5mx-rg7h | Cross-site Scripting In SilverStripe asset-admin, there is XSS in file titles managed through the CMS. | Affected by 10 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
| VCID-b6nm-cphj-wfgw Aliases: CVE-2019-12617 GHSA-6r58-4xgr-gm6m | Improper Privilege Management In SilverStripe, there is access escalation for CMS users with limited access through permission cache pollution. | Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
| VCID-b95v-49p7-fkas Aliases: CVE-2017-14498 GHSA-j696-6m57-mcrv | Cross-site Scripting SilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname. | Affected by 11 other vulnerabilities. Affected by 11 other vulnerabilities. |
| VCID-cmwn-cjff-9qau Aliases: CVE-2019-12203 GHSA-w7r7-r8r9-vrg2 | Session Fixation SilverStripe allows session fixation in the "change password" form. | Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
| VCID-mkex-ht2r-cucz Aliases: CVE-2019-14273 GHSA-43jj-2rwc-2m3f | Files or Directories Accessible to External Parties In SilverStripe, there is broken access control on files. | Affected by 10 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
| VCID-nute-ndg2-z7ev Aliases: CVE-2019-12205 GHSA-rfvw-5848-gxc5 | Cross-site Scripting SilverStripe has Flash Clipboard Reflected XSS. | Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
| VCID-r1eg-dwej-5kau Aliases: CVE-2019-12437 GHSA-fx37-56v6-85q6 | Cross-Site Request Forgery (CSRF) Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL. | Affected by 3 other vulnerabilities. |
| VCID-umhc-fdfh-1fdx Aliases: CVE-2020-9311 GHSA-2pw2-qpcp-m47x | Cross-site Scripting In SilverStripe, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs. | Affected by 0 other vulnerabilities. |
| VCID-xg74-3h1h-kqaf Aliases: CVE-2019-12246 GHSA-5fr8-xhqq-4p3q | Uncontrolled Resource Consumption SilverStripe allows a Denial of Service on flush and development URL tools. | Affected by 3 other vulnerabilities. Affected by 4 other vulnerabilities. |
| VCID-y8et-m846-2fc6 Aliases: CVE-2019-12245 GHSA-jvx5-rm6q-gx7p | Information Exposure SilverStripe has incorrect access control for protected files uploaded via `Upload::loadIntoFile()`. An attacker may be able to guess a filename in `silverstripe/assets` via the `AssetControlExtension`. | Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 3 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||