Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/silverstripe/framework@6.0.0-alpha1
purl pkg:composer/silverstripe/framework@6.0.0-alpha1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-4qq2-bbj1-8fdb Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message > [!IMPORTANT] > This vulnerability only affects sites which are in the "dev" environment mode. If your production website is in "dev" mode, it has been misconfigured, and you should immediately swap it to "live" mode. > See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information. If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message. ## References - https://www.silverstripe.org/download/security-releases/ss-2024-002 ## Reported by Gaurav Nayak from [Chaleit](https://chaleit.com/) GHSA-mqf3-qpc3-g26q
VCID-d1ap-2u1x-y7gg CVE-2024-53277
GHSA-ff6q-3c9c-6cf5
VCID-kcq9-5h99-abct CVE-2024-47605
GHSA-7cmp-cgg8-4c82

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-01T08:28:46.688516+00:00 GitLab Importer Fixing VCID-4qq2-bbj1-8fdb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/framework/GHSA-mqf3-qpc3-g26q.yml 38.6.0
2026-06-01T08:28:19.932130+00:00 GitLab Importer Fixing VCID-kcq9-5h99-abct https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/framework/CVE-2024-47605.yml 38.6.0
2026-06-01T08:28:08.286990+00:00 GitLab Importer Fixing VCID-d1ap-2u1x-y7gg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/silverstripe/framework/CVE-2024-53277.yml 38.6.0