Package details: pkg:composer/silverstripe/framework@5.3.23
purl pkg:composer/silverstripe/framework@5.3.23
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
VCID-a3yc-fxa1-gfhy
Summary: Silverstripe Framework has a XSS vulnerability in HTML editor
Aliases: CVE-2025-30148, GHSA-rhx4-hvx9-j387

### Impact
A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it. The server-side sanitisation logic has been updated to sanitise against this attack.

### Reported by
James Nicoll from Fujitsu Cyber

### References
- https://www.silverstripe.org/download/security-releases/cve-2025-30148

VCID-qjgf-hxng-j3g9
Summary: Silverstripe Framework user enumeration via timing attack on login and password reset forms
Aliases: GHSA-256q-hx8w-xcqx

### Impact
User enumeration is possible by performing a timing attack on the login or password reset pages with user credentials. This was originally disclosed in https://www.silverstripe.org/download/security-releases/ss-2017-005/ for CMS 3 but was not patched in CMS 4+

### References
- https://www.silverstripe.org/download/security-releases/ss-2017-005
- https://www.silverstripe.org/download/security-releases/ss-2025-001

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T23:26:29.459851+00:00 | GitLab Importer | Fixing | VCID-a3yc-fxa1-gfhy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/framework/CVE-2025-30148.yml | 38.4.0 |
| 2026-04-16T23:26:26.974286+00:00 | GitLab Importer | Fixing | VCID-qjgf-hxng-j3g9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/framework/GHSA-256q-hx8w-xcqx.yml | 38.4.0 |
| 2026-04-12T00:45:55.906249+00:00 | GitLab Importer | Fixing | VCID-a3yc-fxa1-gfhy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/framework/CVE-2025-30148.yml | 38.3.0 |
| 2026-04-12T00:45:53.176524+00:00 | GitLab Importer | Fixing | VCID-qjgf-hxng-j3g9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/framework/GHSA-256q-hx8w-xcqx.yml | 38.3.0 |
| 2026-04-07T04:57:35.310275+00:00 | GHSA Importer | Fixing | VCID-qjgf-hxng-j3g9 | https://github.com/advisories/GHSA-256q-hx8w-xcqx | 38.1.0 |
| 2026-04-07T04:57:35.241220+00:00 | GHSA Importer | Fixing | VCID-a3yc-fxa1-gfhy | https://github.com/advisories/GHSA-rhx4-hvx9-j387 | 38.1.0 |
| 2026-04-03T00:53:53.688745+00:00 | GitLab Importer | Fixing | VCID-a3yc-fxa1-gfhy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/framework/CVE-2025-30148.yml | 38.1.0 |
| 2026-04-03T00:53:50.857184+00:00 | GitLab Importer | Fixing | VCID-qjgf-hxng-j3g9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/framework/GHSA-256q-hx8w-xcqx.yml | 38.1.0 |
| 2026-04-02T12:41:15.874087+00:00 | GitLab Importer | Fixing | VCID-a3yc-fxa1-gfhy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/framework/CVE-2025-30148.yml | 38.0.0 |
| 2026-04-02T12:41:15.775707+00:00 | GitLab Importer | Fixing | VCID-qjgf-hxng-j3g9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/framework/GHSA-256q-hx8w-xcqx.yml | 38.0.0 |
| 2026-04-01T12:54:55.822833+00:00 | GithubOSV Importer | Fixing | VCID-qjgf-hxng-j3g9 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-256q-hx8w-xcqx/GHSA-256q-hx8w-xcqx.json | 38.0.0 |
| 2026-04-01T12:54:49.762310+00:00 | GithubOSV Importer | Fixing | VCID-a3yc-fxa1-gfhy | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-rhx4-hvx9-j387/GHSA-rhx4-hvx9-j387.json | 38.0.0 |