Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/silverstripe/admin@1.0.3
Typecomposer
Namespacesilverstripe
Nameadmin
Version1.0.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.13.19
Latest_non_vulnerable_version2.3.0-rc1
Affected_by_vulnerabilities
0
url VCID-116r-5a94-fuds
vulnerability_id VCID-116r-5a94-fuds
summary 
Silverstripe admin XSS Vulnerability via WYSIWYG editor
It is possible for a bad actor with access to the CMS to make use of onmouseover or onmouseout attributes in the WYSIWYG editor to embed malicious javascript.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/SS-2018-004-1.yaml
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/SS-2018-004-1.yaml
1
reference_url https://github.com/silverstripe/silverstripe-admin
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-admin
2
reference_url https://www.silverstripe.org/download/security-releases/ss-2018-004
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2018-004
3
reference_url https://github.com/advisories/GHSA-779c-7w4p-2c4g
reference_id GHSA-779c-7w4p-2c4g
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-779c-7w4p-2c4g
fixed_packages
0
url pkg:composer/silverstripe/admin@1.0.4
purl pkg:composer/silverstripe/admin@1.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a2ds-v3du-3qcm
1
vulnerability VCID-k6d6-ebmd-jufu
2
vulnerability VCID-kfgu-7y1x-vugs
3
vulnerability VCID-pq29-qe7h-tkcp
4
vulnerability VCID-r237-7hnx-kbeq
5
vulnerability VCID-tc2y-zrea-vyb2
6
vulnerability VCID-udzs-xehs-d3cd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/admin@1.0.4
1
url pkg:composer/silverstripe/admin@1.1.1
purl pkg:composer/silverstripe/admin@1.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a2ds-v3du-3qcm
1
vulnerability VCID-k6d6-ebmd-jufu
2
vulnerability VCID-kfgu-7y1x-vugs
3
vulnerability VCID-pq29-qe7h-tkcp
4
vulnerability VCID-r237-7hnx-kbeq
5
vulnerability VCID-tc2y-zrea-vyb2
6
vulnerability VCID-udzs-xehs-d3cd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/admin@1.1.1
aliases GHSA-779c-7w4p-2c4g
risk_score 1.7
exploitability 0.5
weighted_severity 3.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-116r-5a94-fuds
1
url VCID-a2ds-v3du-3qcm
vulnerability_id VCID-a2ds-v3du-3qcm
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in silverstripe/admin.
references
0
reference_url https://github.com/advisories/GHSA-w7jx-j77m-wp65
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-w7jx-j77m-wp65
1
reference_url https://github.com/silverstripe/silverstripe-admin
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-admin
2
reference_url https://github.com/silverstripe/silverstripe-admin/commit/cafc1c4de58f1553b019dc2f8a62f835cabdbeb2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-admin/commit/cafc1c4de58f1553b019dc2f8a62f835cabdbeb2
3
reference_url https://github.com/advisories/GHSA-4q66-g4mm-8rg5
reference_id GHSA-4q66-g4mm-8rg5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4q66-g4mm-8rg5
4
reference_url https://github.com/silverstripe/silverstripe-admin/security/advisories/GHSA-4q66-g4mm-8rg5
reference_id GHSA-4q66-g4mm-8rg5
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-admin/security/advisories/GHSA-4q66-g4mm-8rg5
5
reference_url https://github.com/advisories/GHSA-5h9g-x5rv-25wg
reference_id GHSA-5h9g-x5rv-25wg
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-5h9g-x5rv-25wg
fixed_packages
0
url pkg:composer/silverstripe/admin@1.13.6
purl pkg:composer/silverstripe/admin@1.13.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r237-7hnx-kbeq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/admin@1.13.6
aliases GHSA-4q66-g4mm-8rg5, GMS-2023-1800
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a2ds-v3du-3qcm
2
url VCID-k6d6-ebmd-jufu
vulnerability_id VCID-k6d6-ebmd-jufu
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in silverstripe/admin.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/SS-2023-002.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/SS-2023-002.yaml
1
reference_url https://github.com/silverstripe/silverstripe-admin
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-admin
2
reference_url https://www.silverstripe.org/download/security-releases/SS-2023-002
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/SS-2023-002
3
reference_url https://github.com/advisories/GHSA-jxcx-3h54-qqxx
reference_id GHSA-jxcx-3h54-qqxx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jxcx-3h54-qqxx
fixed_packages
0
url pkg:composer/silverstripe/admin@1.13.6
purl pkg:composer/silverstripe/admin@1.13.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r237-7hnx-kbeq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/admin@1.13.6
aliases GHSA-jxcx-3h54-qqxx, GMS-2023-1964
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k6d6-ebmd-jufu
3
url VCID-kfgu-7y1x-vugs
vulnerability_id VCID-kfgu-7y1x-vugs
summary 
URL XSS vulnerability due to outdated jquery in CMS
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-38146
reference_id
reference_type
scores
0
value 0.00322
scoring_system epss
scoring_elements 0.55233
published_at 2026-04-13T12:55:00Z
1
value 0.00322
scoring_system epss
scoring_elements 0.55208
published_at 2026-04-02T12:55:00Z
2
value 0.00322
scoring_system epss
scoring_elements 0.55232
published_at 2026-04-04T12:55:00Z
3
value 0.00322
scoring_system epss
scoring_elements 0.5521
published_at 2026-04-07T12:55:00Z
4
value 0.00322
scoring_system epss
scoring_elements 0.55259
published_at 2026-04-08T12:55:00Z
5
value 0.00322
scoring_system epss
scoring_elements 0.5526
published_at 2026-04-09T12:55:00Z
6
value 0.00322
scoring_system epss
scoring_elements 0.55272
published_at 2026-04-11T12:55:00Z
7
value 0.00322
scoring_system epss
scoring_elements 0.55251
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-38146
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:22:17Z/
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2022-38146.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2022-38146.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-38146
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-38146
4
reference_url https://www.silverstripe.org/blog/tag/release
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:22:17Z/
url https://www.silverstripe.org/blog/tag/release
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/CVE-2022-38146
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:22:17Z/
url https://www.silverstripe.org/download/security-releases/CVE-2022-38146
7
reference_url https://github.com/advisories/GHSA-44xv-v98g-v79f
reference_id GHSA-44xv-v98g-v79f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-44xv-v98g-v79f
fixed_packages
0
url pkg:composer/silverstripe/admin@1.11.3
purl pkg:composer/silverstripe/admin@1.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a2ds-v3du-3qcm
1
vulnerability VCID-k6d6-ebmd-jufu
2
vulnerability VCID-r237-7hnx-kbeq
3
vulnerability VCID-udzs-xehs-d3cd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/admin@1.11.3
aliases CVE-2022-38146, GHSA-44xv-v98g-v79f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kfgu-7y1x-vugs
4
url VCID-pq29-qe7h-tkcp
vulnerability_id VCID-pq29-qe7h-tkcp
summary 
Silverstripe Flash Clipboard Reflected XSS
SilverStripe versions 3.0.0 until 4.3.5 and 4.4.4 are vulnerable to Flash Clipboard Reflected XSS. Versions 4.3.5 and 4.4.4 of `silverstripe/framework` and version 1.3.5 of `silverstripe/admin` contain a fix for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12205
reference_id
reference_type
scores
0
value 0.00378
scoring_system epss
scoring_elements 0.59302
published_at 2026-04-02T12:55:00Z
1
value 0.00378
scoring_system epss
scoring_elements 0.59338
published_at 2026-04-13T12:55:00Z
2
value 0.00378
scoring_system epss
scoring_elements 0.59228
published_at 2026-04-01T12:55:00Z
3
value 0.00378
scoring_system epss
scoring_elements 0.59356
published_at 2026-04-12T12:55:00Z
4
value 0.00378
scoring_system epss
scoring_elements 0.59373
published_at 2026-04-11T12:55:00Z
5
value 0.00378
scoring_system epss
scoring_elements 0.59353
published_at 2026-04-09T12:55:00Z
6
value 0.00378
scoring_system epss
scoring_elements 0.59341
published_at 2026-04-08T12:55:00Z
7
value 0.00378
scoring_system epss
scoring_elements 0.5929
published_at 2026-04-07T12:55:00Z
8
value 0.00378
scoring_system epss
scoring_elements 0.59325
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12205
1
reference_url https://forum.silverstripe.org/c/releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forum.silverstripe.org/c/releases
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml
3
reference_url https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12205
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12205
5
reference_url https://www.silverstripe.org/download/security-releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases
6
reference_url https://www.silverstripe.org/download/security-releases/
reference_id
reference_type
scores
url https://www.silverstripe.org/download/security-releases/
7
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12205
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/cve-2019-12205
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2019-12205
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2019-12205
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*
10
reference_url https://www.silverstripe.org/download/security-releases/cve-2019-12205/
reference_id CVE-2019-12205
reference_type
scores
url https://www.silverstripe.org/download/security-releases/cve-2019-12205/
11
reference_url https://github.com/advisories/GHSA-rfvw-5848-gxc5
reference_id GHSA-rfvw-5848-gxc5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rfvw-5848-gxc5
fixed_packages
0
url pkg:composer/silverstripe/admin@1.3.5
purl pkg:composer/silverstripe/admin@1.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a2ds-v3du-3qcm
1
vulnerability VCID-k6d6-ebmd-jufu
2
vulnerability VCID-kfgu-7y1x-vugs
3
vulnerability VCID-r237-7hnx-kbeq
4
vulnerability VCID-tc2y-zrea-vyb2
5
vulnerability VCID-udzs-xehs-d3cd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/admin@1.3.5
aliases CVE-2019-12205, GHSA-rfvw-5848-gxc5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pq29-qe7h-tkcp
5
url VCID-r237-7hnx-kbeq
vulnerability_id VCID-r237-7hnx-kbeq
summary 
No permission checks for editing/deleting records with CSV import form
### Impact
Users who don't have edit or delete permissions for records exposed in a `ModelAdmin` can still edit or delete records using the CSV import form, provided they have create permissions.

The likelyhood of a user having create permissions but _not_ having edit or delete permissions is low, but it _is_ possible.

Note that this doesn't affect any `ModelAdmin` which has had the import form disabled via the [`showImportForm` public property](https://api.silverstripe.org/4/SilverStripe/Admin/ModelAdmin.html#property_showImportForm), nor does it impact the `SecurityAdmin` section.

#### Action may be required

If you have a custom implementation of [`BulkLoader`](https://api.silverstripe.org/4/SilverStripe/Dev/BulkLoader.html), you should update your implementation to respect permissions when the return value of [`getCheckPermissions()`](https://api.silverstripe.org/4/SilverStripe/Dev/BulkLoader.html#method_getCheckPermissions) is true.

If you are using any `BulkLoader` in your own project logic, or maintain a module which uses it, you should consider passing `true` to [`setCheckPermissions()`](https://api.silverstripe.org/4/SilverStripe/Dev/BulkLoader.html#method_setCheckPermissions) if the data is provided by users.

**Base CVSS:** [4.3](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C&version=3.1)
**Reported by:** Guy Sartorelli from Silverstripe

### References
- https://www.silverstripe.org/download/security-releases/CVE-2023-49783
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49783
reference_id
reference_type
scores
0
value 0.00146
scoring_system epss
scoring_elements 0.35039
published_at 2026-04-04T12:55:00Z
1
value 0.00146
scoring_system epss
scoring_elements 0.34936
published_at 2026-04-13T12:55:00Z
2
value 0.00146
scoring_system epss
scoring_elements 0.3496
published_at 2026-04-12T12:55:00Z
3
value 0.00146
scoring_system epss
scoring_elements 0.34996
published_at 2026-04-11T12:55:00Z
4
value 0.00146
scoring_system epss
scoring_elements 0.34992
published_at 2026-04-09T12:55:00Z
5
value 0.00146
scoring_system epss
scoring_elements 0.34963
published_at 2026-04-08T12:55:00Z
6
value 0.00146
scoring_system epss
scoring_elements 0.34918
published_at 2026-04-07T12:55:00Z
7
value 0.00146
scoring_system epss
scoring_elements 0.35012
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49783
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2023-49783.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2023-49783.yaml
2
reference_url https://github.com/silverstripeltd/product-issues/issues/832
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripeltd/product-issues/issues/832
3
reference_url https://github.com/silverstripe-security/security-issues/issues/177
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe-security/security-issues/issues/177
4
reference_url https://github.com/silverstripe/silverstripe-admin
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-admin
5
reference_url https://github.com/silverstripe/silverstripe-admin/commit/9693130a0a637cdf512277cf5f07e83250b191db
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-admin/commit/9693130a0a637cdf512277cf5f07e83250b191db
6
reference_url https://github.com/silverstripe/silverstripe-admin/security/advisories/GHSA-j3m6-gvm8-mhvw
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T21:29:24Z/
url https://github.com/silverstripe/silverstripe-admin/security/advisories/GHSA-j3m6-gvm8-mhvw
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49783
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49783
8
reference_url https://www.silverstripe.org/download/security-releases/CVE-2023-49783
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T21:29:24Z/
url https://www.silverstripe.org/download/security-releases/CVE-2023-49783
9
reference_url https://github.com/advisories/GHSA-j3m6-gvm8-mhvw
reference_id GHSA-j3m6-gvm8-mhvw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j3m6-gvm8-mhvw
fixed_packages
0
url pkg:composer/silverstripe/admin@1.13.19
purl pkg:composer/silverstripe/admin@1.13.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/admin@1.13.19
1
url pkg:composer/silverstripe/admin@2.0.0-alpha1
purl pkg:composer/silverstripe/admin@2.0.0-alpha1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/admin@2.0.0-alpha1
2
url pkg:composer/silverstripe/admin@2.1.8
purl pkg:composer/silverstripe/admin@2.1.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/admin@2.1.8
3
url pkg:composer/silverstripe/admin@2.3.0-rc1
purl pkg:composer/silverstripe/admin@2.3.0-rc1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/admin@2.3.0-rc1
aliases CVE-2023-49783, GHSA-j3m6-gvm8-mhvw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r237-7hnx-kbeq
6
url VCID-tc2y-zrea-vyb2
vulnerability_id VCID-tc2y-zrea-vyb2
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
SilverStripe Framework suffers from a XSS vulnerablity.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36150
reference_id
reference_type
scores
0
value 0.00372
scoring_system epss
scoring_elements 0.5896
published_at 2026-04-13T12:55:00Z
1
value 0.00372
scoring_system epss
scoring_elements 0.58857
published_at 2026-04-01T12:55:00Z
2
value 0.00372
scoring_system epss
scoring_elements 0.58932
published_at 2026-04-02T12:55:00Z
3
value 0.00372
scoring_system epss
scoring_elements 0.58954
published_at 2026-04-04T12:55:00Z
4
value 0.00372
scoring_system epss
scoring_elements 0.5892
published_at 2026-04-07T12:55:00Z
5
value 0.00372
scoring_system epss
scoring_elements 0.58972
published_at 2026-04-08T12:55:00Z
6
value 0.00372
scoring_system epss
scoring_elements 0.58978
published_at 2026-04-09T12:55:00Z
7
value 0.00372
scoring_system epss
scoring_elements 0.58997
published_at 2026-04-11T12:55:00Z
8
value 0.00372
scoring_system epss
scoring_elements 0.58979
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36150
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml
2
reference_url https://github.com/silverstripe/silverstripe-framework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework
3
reference_url https://github.com/silverstripe/silverstripe-framework/releases
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-framework/releases
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-36150
reference_id CVE-2021-36150
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-36150
5
reference_url https://www.silverstripe.org/download/security-releases/CVE-2021-36150
reference_id CVE-2021-36150
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/CVE-2021-36150
6
reference_url https://github.com/advisories/GHSA-j66h-cc96-c32q
reference_id GHSA-j66h-cc96-c32q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j66h-cc96-c32q
fixed_packages
0
url pkg:composer/silverstripe/admin@1.8.1
purl pkg:composer/silverstripe/admin@1.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a2ds-v3du-3qcm
1
vulnerability VCID-k6d6-ebmd-jufu
2
vulnerability VCID-kfgu-7y1x-vugs
3
vulnerability VCID-r237-7hnx-kbeq
4
vulnerability VCID-udzs-xehs-d3cd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/admin@1.8.1
aliases CVE-2021-36150, GHSA-j66h-cc96-c32q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tc2y-zrea-vyb2
7
url VCID-udzs-xehs-d3cd
vulnerability_id VCID-udzs-xehs-d3cd
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in silverstripe/admin.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/SS-2023-001.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/SS-2023-001.yaml
1
reference_url https://github.com/silverstripe/silverstripe-admin
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-admin
2
reference_url https://www.silverstripe.org/download/security-releases/ss-2023-001
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.silverstripe.org/download/security-releases/ss-2023-001
3
reference_url https://www.tiny.cloud/docs/release-notes/release-notes54/#securityfixes
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.tiny.cloud/docs/release-notes/release-notes54/#securityfixes
4
reference_url https://github.com/advisories/GHSA-vrv8-v4w8-f95h
reference_id GHSA-vrv8-v4w8-f95h
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-vrv8-v4w8-f95h
5
reference_url https://github.com/advisories/GHSA-wqm8-jx8r-8rcq
reference_id GHSA-wqm8-jx8r-8rcq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wqm8-jx8r-8rcq
6
reference_url https://github.com/silverstripe/silverstripe-admin/security/advisories/GHSA-wqm8-jx8r-8rcq
reference_id GHSA-wqm8-jx8r-8rcq
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/silverstripe/silverstripe-admin/security/advisories/GHSA-wqm8-jx8r-8rcq
fixed_packages
0
url pkg:composer/silverstripe/admin@1.12.7
purl pkg:composer/silverstripe/admin@1.12.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a2ds-v3du-3qcm
1
vulnerability VCID-k6d6-ebmd-jufu
2
vulnerability VCID-r237-7hnx-kbeq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/admin@1.12.7
aliases GHSA-wqm8-jx8r-8rcq, GMS-2023-1193
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-udzs-xehs-d3cd
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/admin@1.0.3