Search for packages
| purl | pkg:composer/silverstripe/framework@4.0.0 |
| Next non-vulnerable version | 5.3.23 |
| Latest non-vulnerable version | 6.0.0-alpha1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1nes-cr3m-j3dv
Aliases: GHSA-m5q3-mvcr-gc5m |
silverstripe/framework BackURL validation bypass with malformed URLs A carefully constructed malformed URL can be used to circumvent the offsite redirection protection used on `BackURL` parameters. This could lead to users entering sensitive data in malicious websites instead of the intended one. |
Affected by 40 other vulnerabilities. Affected by 41 other vulnerabilities. |
|
VCID-2rbk-47h6-d7d8
Aliases: CVE-2022-0227 GHSA-32m2-9f76-4gv8 |
Business Logic Errors in GitHub repository silverstripe/silverstripe-framework |
Affected by 21 other vulnerabilities. |
|
VCID-4f9c-aun4-wfep
Aliases: CVE-2023-22728 GHSA-jh3w-6jp2-vqqm |
Missing Authorization Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. |
Affected by 10 other vulnerabilities. |
|
VCID-4x32-t75c-u3bj
Aliases: CVE-2022-37421 GHSA-pp74-g2q5-j4jf GMS-2022-6855 |
Silverstipe CMS Stored XSS in custom meta tags A malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut. This requires CMS access to exploit. |
Affected by 17 other vulnerabilities. |
|
VCID-5pkg-j4wg-7fcn
Aliases: CVE-2023-32302 GHSA-36xx-7vf6-7mv3 |
Improper Input Validation Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13. |
Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-6du5-hdvd-fueb
Aliases: CVE-2019-12203 GHSA-w7r7-r8r9-vrg2 |
Session fixation in change password form SilverStripe through 4.3.3 allows session fixation in the "change password" form. |
Affected by 30 other vulnerabilities. Affected by 29 other vulnerabilities. Affected by 30 other vulnerabilities. |
|
VCID-6epx-c68d-d7bv
Aliases: CVE-2024-53277 GHSA-ff6q-3c9c-6cf5 |
Silverstripe Framework has a XSS in form messages In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability. ### References - https://www.silverstripe.org/download/security-releases/cve-2024-53277 ## Reported by Leo Diamat from [Bastion Security Group](http://www.bastionsecurity.co.nz/) |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-6xwk-ee7f-5ubd
Aliases: GHSA-r3pr-fh25-wrfc |
silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms When accessing the `install.php` script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the `value` property of the password fields. |
Affected by 45 other vulnerabilities. |
|
VCID-71cx-seqr-3fh5
Aliases: GHSA-ph62-fv59-vf9h |
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt All user login attempts are logged in the database in the LoginAttempt table. However, this table contains information in plain text, and may possible contain sensitive information, such as user passwords mis-typed into the username field. In order to address this a one-way hash is applied to the Email field before being stored. |
Affected by 45 other vulnerabilities. |
|
VCID-7dk3-gcup-2kc9
Aliases: CVE-2020-25817 GHSA-3vjc-5x79-m9r8 |
SilverStripe XXE Vulnerability in CSSContentParser SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. (The correct CVE ID year is 2020 [CVE-2020-25817, not CVE-2021-25817]). |
Affected by 23 other vulnerabilities. Affected by 23 other vulnerabilities. |
|
VCID-86yd-4mkt-hydr
Aliases: CVE-2023-48714 GHSA-qm2j-qvq3-j29v |
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter ### Impact If a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. **Base CVSS:** [4.3](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C&version=3.1) **Reported by:** Nick K - LittleMonkey, [littlemonkey.co.nz](http://littlemonkey.co.nz/) ### References - https://www.silverstripe.org/download/security-releases/CVE-2023-48714 |
Affected by 8 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-a3yc-fxa1-gfhy
Aliases: CVE-2025-30148 GHSA-rhx4-hvx9-j387 |
Silverstripe Framework has a XSS vulnerability in HTML editor ### Impact A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it. The server-side sanitisation logic has been updated to sanitise against this attack. ### Reported by James Nicoll from Fujitsu Cyber ### References - https://www.silverstripe.org/download/security-releases/cve-2025-30148 |
Affected by 0 other vulnerabilities. |
|
VCID-ab5z-bqka-xudb
Aliases: CVE-2017-18049 GHSA-2jvj-mhf2-g99w |
Injection Vulnerability In the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software. |
Affected by 49 other vulnerabilities. Affected by 45 other vulnerabilities. |
|
VCID-ajga-3b99-yugh
Aliases: CVE-2020-26136 GHSA-mg2g-8pwj-r2j2 |
Authentication bypass in SilverStripe GraphQL The GraphQL module accepts basic-auth as an authentication method by default. This can be used to bypass MFA authentication if the silverstripe/mfa module is installed, which is now a commonly installed module. A users password is still required though. Basic-auth has been removed as a default authentication method. If desired, it can be re-enabled by adding it to the authenticators key of a schema, or on SilverStripe\Graphql\Auth\Handler |
Affected by 23 other vulnerabilities. |
|
VCID-axxx-gpfn-mqc9
Aliases: GHSA-mqf3-qpc3-g26q |
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message > [!IMPORTANT] > This vulnerability only affects sites which are in the "dev" environment mode. If your production website is in "dev" mode, it has been misconfigured, and you should immediately swap it to "live" mode. > See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information. If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message. ## References - https://www.silverstripe.org/download/security-releases/ss-2024-002 ## Reported by Gaurav Nayak from [Chaleit](https://chaleit.com/) |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-bdcq-z11u-zyh5
Aliases: CVE-2019-12245 GHSA-jvx5-rm6q-gx7p |
Lack of access control on upoaded files SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension. |
Affected by 30 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 30 other vulnerabilities. |
|
VCID-c75p-3hdz-q3b6
Aliases: GHSA-265q-222x-52m6 |
silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector A potential SQL injection vulnerability was identified by using the silverstripe/postgresql database adapter. While unlikely to be exploitable, we have patched silverstripe/framework to ensure that table names are safely escaped before being passed to database adapters or user code. |
Affected by 37 other vulnerabilities. Affected by 38 other vulnerabilities. Affected by 38 other vulnerabilities. |
|
VCID-cdgj-bdpy-ukak
Aliases: CVE-2019-12437 GHSA-fx37-56v6-85q6 |
Cross-Site Request Forgery (CSRF) Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL. |
Affected by 30 other vulnerabilities. |
|
VCID-cfgg-fgjt-z3hn
Aliases: CVE-2022-38148 GHSA-rr8h-f97q-8p9c |
Blind SQL Injection via GridFieldSortableHeader Gridfield state is vulnerable to SQL injections. The vast majority of Gridfields in Silverstripe CMS are affected by this vulnerability. An attacker with CMS access could execute an arbitrary SQL statement by adding an SQL payload in some parts of the GridField state. |
Affected by 13 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-d5q3-jrdb-euav
Aliases: CVE-2022-38462 GHSA-vvxf-r4vm-2vm6 GMS-2022-6858 |
Reflected XSS in querystring parameters An attacker could inject a XSS payload in a Silverstripe CMS response by carefully crafting a return URL on a /dev/build or /Security/login request. To exploit this vulnerability, an attacker would need to convince a user to follow a link with a malicious payload. This will only affect projects configured to output PHP warnings to the browser. By default, Silverstripe CMS will only output PHP warnings if your SS_ENVIRONMENT_TYPE environment variable is set to dev. Production sites should always set SS_ENVIRONMENT_TYPE to live. |
Affected by 13 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-dc9y-v257-6bhf
Aliases: CVE-2020-9280 GHSA-592m-4533-rxq9 |
SilverStripe Folders migrated from 3.x may be unsafe to upload to In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is installed and enabled by default on the Common Web Platform (CWP). The vulnerability only affects files uploaded after an upgrade to 4.x. |
Affected by 29 other vulnerabilities. Affected by 29 other vulnerabilities. |
|
VCID-eddc-w9wx-c3gq
Aliases: CVE-2019-14273 GHSA-43jj-2rwc-2m3f |
Broken access control on files In SilverStripe assets 4.0, there is broken access control on files. |
Affected by 49 other vulnerabilities. Affected by 45 other vulnerabilities. Affected by 29 other vulnerabilities. Affected by 30 other vulnerabilities. |
|
VCID-enkd-4y44-4ueq
Aliases: CVE-2020-26138 GHSA-7mv4-4xpg-xq44 |
FormField with square brackets in field name skips validation FileField with array notation skips validation The FileField class is commonly used for file upload in custom code on a Silverstripe website. This field is designed to be used with a single file upload. PHP allows for submitting multiple values by adding square brackets to the field name. When this is done to a FileField, it will be coerced into allowing multiple files by using this notation. This is not a supported feature, though nothing is done to prevent this. In this scenario, validation such as limiting allowed extensions is not applied, and the FileField->saveInto() behaviour is not triggered. If custom controller logic is used to process the file uploads, it might implicitly rely on validation to be provided by the Form system, which is not the case. |
Affected by 23 other vulnerabilities. Affected by 23 other vulnerabilities. |
|
VCID-ff5q-59gf-nugg
Aliases: GHSA-xpff-c35g-j3cr |
silverstripe/framework Privilege Escalation Risk in Member Edit form A member with the permission `EDIT_PERMISSIONS` and access to the "Security" section is able to re-assign themselves (or another member) to `ADMIN` level. CMS Fields for the member are constructed using DirectGroups instead of Groups relation which results in bypassing security logic preventing privilege escalation. |
Affected by 40 other vulnerabilities. Affected by 41 other vulnerabilities. |
|
VCID-fpb7-5pwu-tyg5
Aliases: CVE-2019-12617 GHSA-6r58-4xgr-gm6m |
SilverStripe Priviledge escalation through cache pollution In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution. |
Affected by 30 other vulnerabilities. Affected by 29 other vulnerabilities. Affected by 30 other vulnerabilities. |
|
VCID-ftdr-uzuh-8ybc
Aliases: CVE-2022-38724 GHSA-9cx2-hj6m-fv58 GMS-2022-6853 GMS-2022-6856 |
Silverstripe XSS in shortcodes A malicious content author could add arbitrary attributes to HTML editor shortcodes which could be used to inject a JavaScript payload on the front end of the site. The shortcode providers that ship with Silverstripe CMS have been reviewed and attribute whitelists have been implemented where appropriate to negate this risk. |
Affected by 13 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-fyxa-vzeq-ubeq
Aliases: CVE-2019-19326 GHSA-q9ff-3q93-fm8m |
SilverStripe Web Cache Poisoning through HTTPRequestBuilder SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder. |
Affected by 27 other vulnerabilities. Affected by 26 other vulnerabilities. |
|
VCID-g3kz-796v-4qf1
Aliases: GHSA-mqjc-x563-c9q8 |
silverstripe/framework CSV Excel Macro Injection In the CSV export feature of the CMS it's possible for the output to contain macros and scripts, which if imported without sanitisation into software (including Microsoft Excel) may be executed. In order to safeguard against this threat all potentially executable cell values exported from CSV will be prepended with a literal tab character. |
Affected by 45 other vulnerabilities. |
|
VCID-gme6-wj87-ekfw
Aliases: CVE-2020-6164 GHSA-gm5x-hpmw-xpxg |
Silverstripe CMS information disclosure In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side-effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page). |
Affected by 27 other vulnerabilities. Affected by 27 other vulnerabilities. Affected by 26 other vulnerabilities. |
|
VCID-jx5m-bqc6-h3bv
Aliases: GHSA-55qg-6c4m-mw6g |
silverstripe/framework's URL parameters `isDev` and `isTest` unguarded The URL parameters `isDev` and `isTest` are accessible to unauthenticated users who access a SilverStripe website or application. This allows unauthorised users to expose information that is usually hidden on production environments such as verbose errors (including backtraces) and other debugging tools only available to sites running in "dev mode". Core functionality does not expose user data through these methods. Depending on your website configuration, community modules might have added more specific functionality which can be used to either access or alter user data. We have fixed the usage of isDev and isTest in SilverStripe 4.x, and removed the URL parameters in the next major release of SilverStripe. |
Affected by 40 other vulnerabilities. Affected by 41 other vulnerabilities. |
|
VCID-kak1-btjp-kqgz
Aliases: GHSA-52cw-pvq9-9m5v |
Silverstripe uses TinyMCE which allows svg files linked in object tags ### Impact TinyMCE v6 has a configuration value `convert_unsafe_embeds` set to `false` which allows svg files containing javascript to be used in `<object>` or `<embed>` tags, which can be used as a vector for XSS attacks. Note that `<embed>` tags are not allowed by default. After patching the default value of `convert_unsafe_embeds` will be set to `true`. This means that `<object>` tags will be converted to iframes instead the next time the page is saved, which may break any pages that rely upon previously saved `<object>` tags. Developers can override this configuration if desired to revert to the original behaviour. We reviewed the potential impact of this vulnerability within the context of Silverstripe CMS. We concluded this is a medium impact vulnerability given how TinyMCE is used by Silverstripe CMS. ### References: - https://www.silverstripe.org/download/security-releases/ss-2024-001 - https://github.com/advisories/GHSA-5359-pvf2-pw78 |
Affected by 6 other vulnerabilities. |
|
VCID-kd3t-2gzd-q3hq
Aliases: CVE-2022-25238 GHSA-jx34-gqqq-r6gm |
Stored XSS via HTML fields in SilverStripe Framework SilverStripe Framework through 4.10.8 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to true in project code. |
Affected by 18 other vulnerabilities. |
|
VCID-kgm4-g26x-gken
Aliases: CVE-2022-37429 GHSA-wc6r-4ggc-79w5 GMS-2022-6859 |
Stored XSS using HTMLEditor A malicious content author could add a JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. An attacker must have access to the CMS to exploit this issue. |
Affected by 13 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-kvhv-9fj5-7kgk
Aliases: CVE-2024-47605 GHSA-7cmp-cgg8-4c82 |
Silverstripe Framework has a XSS via insert media remote file oembed ### Impact When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website. ## References - https://www.silverstripe.org/download/security-releases/cve-2024-47605 ## Reported by James Nicoll from [Fujitsu Cyber Security Services](https://www.fujitsu.com/nz/services/security/) |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-kw9p-5fbc-hudg
Aliases: GHSA-74j9-xhqr-6qv3 |
Reflected Cross Site Scripting (XSS) in error message If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message. |
Affected by 2 other vulnerabilities. |
|
VCID-kxa8-dmva-ayff
Aliases: CVE-2021-41559 GHSA-9fmg-89fx-r33w |
Quadratic blowup in Convert::xml2array() Silverstripe silverstripe/framework 4.x until 4.10.9 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. |
Affected by 18 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
VCID-kxyq-vg6e-6uac
Aliases: GHSA-cwgq-83w5-8jfq |
silverstripe/framework has possible denial of service attack vector when flushing A possible denial of service attack vector has been identified in the dev/build system controller. dev/build now has its own URL token, similar to flushtoken, to ensure users are authenticated when running dev/build outside of dev environments. |
Affected by 38 other vulnerabilities. Affected by 39 other vulnerabilities. Affected by 39 other vulnerabilities. |
|
VCID-m8w1-g9h9-vuce
Aliases: CVE-2019-16409 GHSA-xm6j-x342-gwq9 |
SilverStripe Versioned Files module Unpublished files are exposed publicly In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. (Users who upgrade from SilverStripe 3.x to 4.x and had Versioned Files installed have no further need for this module, because the 4.x release has built-in versioning. However, nothing in the upgrade process automates the destruction of these insecure artefacts, nor alerts the user to the criticality of destruction.) |
Affected by 29 other vulnerabilities. Affected by 30 other vulnerabilities. |
|
VCID-p2kq-rkh6-ayeu
Aliases: CVE-2019-5715 GHSA-wvfw-w3x6-g526 |
SilverStripe allowss Reflected SQL Injection through Form and `DataObject`. |
Affected by 36 other vulnerabilities. Affected by 37 other vulnerabilities. Affected by 37 other vulnerabilities. Affected by 37 other vulnerabilities. |
|
VCID-p554-wkxw-gfdh
Aliases: GHSA-crr3-h4m8-7f56 |
silverstripe/framework vulnerable to member disclosure in login form There is a user ID enumeration vulnerability in our brute force error messages. - Users that don't exist in will never get a locked out message - Users that do exist, will get a locked out message This means an attacker can infer or confirm user details that exist in the member table. This issue has been resolved by ensuring that login attempt logging and lockout process works equivalently for non-existent users as it does for existant users. This is a regression of [SS-2017-002](https://www.silverstripe.org/download/security-releases/ss-2017-002). |
Affected by 40 other vulnerabilities. Affected by 41 other vulnerabilities. |
|
VCID-pq29-qe7h-tkcp
Aliases: CVE-2019-12205 GHSA-rfvw-5848-gxc5 |
Silverstripe Flash Clipboard Reflected XSS SilverStripe versions 3.0.0 until 4.3.5 and 4.4.4 are vulnerable to Flash Clipboard Reflected XSS. Versions 4.3.5 and 4.4.4 of `silverstripe/framework` and version 1.3.5 of `silverstripe/admin` contain a fix for this issue. |
Affected by 30 other vulnerabilities. Affected by 29 other vulnerabilities. Affected by 30 other vulnerabilities. |
|
VCID-qak9-2t7g-w3fv
Aliases: GHSA-m2hh-2m46-x6j5 |
silverstripe/framework may disclose database credentials during connection failure When running SilverStripe 3.7 or 4.x in dev mode with the mysqli database driver, there is a potential to disclose the connection details. We have blacklisted the sensitive parts of the connection information from being included in dev mode stack traces when database errors occur. |
Affected by 38 other vulnerabilities. Affected by 39 other vulnerabilities. Affected by 39 other vulnerabilities. |
|
VCID-qjgf-hxng-j3g9
Aliases: GHSA-256q-hx8w-xcqx |
Silverstripe Framework user enumeration via timing attack on login and password reset forms ### Impact User enumeration is possible by performing a timing attack on the login or password reset pages with user credentials. This was originally disclosed in https://www.silverstripe.org/download/security-releases/ss-2017-005/ for CMS 3 but was not patched in CMS 4+ ### References - https://www.silverstripe.org/download/security-releases/ss-2017-005 - https://www.silverstripe.org/download/security-releases/ss-2025-001 |
Affected by 0 other vulnerabilities. |
|
VCID-qm38-1cwk-b3hq
Aliases: CVE-2023-22729 GHSA-fw84-xgm8-9jmv |
URL Redirection to Untrusted Site ('Open Redirect') Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. |
Affected by 10 other vulnerabilities. |
|
VCID-tc2y-zrea-vyb2
Aliases: CVE-2021-36150 GHSA-j66h-cc96-c32q |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') SilverStripe Framework suffers from a XSS vulnerablity. |
Affected by 22 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-tm1s-2m92-uyh9
Aliases: CVE-2019-14272 GHSA-jgw2-f5mx-rg7h |
SilverStripe asset-admin Cross-site Scripting (XSS) In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS. |
Affected by 49 other vulnerabilities. Affected by 45 other vulnerabilities. Affected by 29 other vulnerabilities. Affected by 30 other vulnerabilities. |
|
VCID-u49v-31sv-eqc3
Aliases: CVE-2019-12246 GHSA-5fr8-xhqq-4p3q |
SilverStripe Denial of Service on flush and development URL tools SilverStripe before 4.4.0 allows a Denial of Service on flush and development URL tools. |
Affected by 30 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-ua49-snhx-dqa4
Aliases: CVE-2022-37430 GHSA-qw4w-vq8v-2wcv GMS-2022-6857 |
Stored XSS using uppercase characters in HTMLEditor A malicious content author could add a Javascript payload to the href attribute of a link. A similar issue was identified and fixed via CVE-2022-28803. However, the fix didn't account for the casing of the href attribute. An attacker must have access to the CMS to exploit this issue. |
Affected by 13 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-v116-gayp-mbfu
Aliases: GHSA-xx4r-5265-48j6 |
silverstripe/framework SQL injection in full text search When performing a fulltext search in SilverStripe 4.0.0 the 'start' querystring parameter is never escaped safely. This exposes a possible SQL injection vulnerability. The issue exists in 3.5 and 3.6 but is less vulnerable, as SearchForm sanitises these variables prior to passing to mysql. |
Affected by 45 other vulnerabilities. |
|
VCID-w4fh-cpaq-nqat
Aliases: CVE-2022-28803 GHSA-rppc-655v-7j3c |
Stored XSS in link tags added via XHR in SilverStripe Framework SilverStripe Framework 4.x prior to 4.10.9 is vulnerable to cross-site scripting inside the href attribute of an HTML hyperlink, which can be added to website content via XMLHttpRequest (XHR) by an authenticated CMS user. |
Affected by 18 other vulnerabilities. |
|
VCID-xnb4-zjws-vuhu
Aliases: GHSA-f43j-8hq4-2xj9 |
silverstripe/framework uploaded PHP script execution in assets A weakness in the .htaccess rules preventing requests to uploaded PHP scripts allows PHP scripts that had made their way into the assets directory to be successfully executed through the use of a specially crafted URL. There are protections in place to disallow upload of PHP scripts through the CMS, meaning this weakness does not lead to direct vulnerabilities. In addition, sites hosted on the New Zealand Common Web Platform or SilverStripe Platform have additional configuration in place which prevents PHP script execution in assets, even in a malicious party manages to upload these into the folder. |
Affected by 40 other vulnerabilities. Affected by 41 other vulnerabilities. |
|
VCID-xw77-b18v-8kc4
Aliases: CVE-2019-19325 GHSA-qvrv-2x7x-78x2 |
Reflected XSS in SilverStripe SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user&#39;s credentials or other sensitive user input. |
Affected by 29 other vulnerabilities. Affected by 27 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-yuer-yn1w-q3gw
Aliases: CVE-2024-32981 GHSA-chx7-9x8h-r5mg |
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload ### Impact A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it. The server-side sanitisation logic has been updated to sanitise against this type of attack. ### References - https://www.silverstripe.org/download/security-releases/cve-2024-32981 |
Affected by 6 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||