Package details: pkg:composer/silverstripe/framework@4.5.0-alpha1
purl pkg:composer/silverstripe/framework@4.5.0-alpha1
Next non-vulnerable version 4.5.4
Latest non-vulnerable version 5.3.23
Risk
Vulnerabilities affecting this package (1)
VCID-ru3j-21j8-ayhm
Aliases: CVE-2020-9280, GHSA-592m-4533-rxq9
Summary: Unrestricted Upload of File with Dangerous Type. In SilverStripe, files uploaded via Forms to folders migrated from Silverstripe may be put to the default `/Uploads` folder instead.
Fixed by: 4.5.1 (Affected by 2 other vulnerabilities.)
Vulnerabilities fixed by this package (2)
VCID-5dt7-nc8t-nqgh
Aliases: CVE-2019-19325, GHSA-qvrv-2x7x-78x2
Summary: Cross-site Scripting. SilverStripe allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar `FormField` attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input.

VCID-ytbc-8mhd-b3fc
Aliases: CVE-2020-6164, GHSA-gm5x-hpmw-xpxg
Summary: Information Exposure. In SilverStripe, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to execution in a CLI context, and is not known to present a vulnerability through web-based access. As a side effect, this preconfigured path also blocks the creation of other resources on this path (e.g. a page).