{"url":"http://public2.vulnerablecode.io/api/packages/150641?format=json","purl":"pkg:composer/silverstripe/framework@3.1.3-rc1","type":"composer","namespace":"silverstripe","name":"framework","version":"3.1.3-rc1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.3.23","latest_non_vulnerable_version":"6.0.0-alpha1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55376?format=json","vulnerability_id":"VCID-2f9j-ek3x-kbc5","summary":"Silverstripe CMS XSS Vulnerability\nIn SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9311","reference_id":"","reference_type":"","scores":[{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56934","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56823","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56917","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56939","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56914","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56966","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56969","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56977","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56957","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9311"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-cms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-cms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9311","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9311"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-9311","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-9311"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2020-9311","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2020-9311"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-9311/","reference_id":"CVE-2020-9311","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-9311/"},{"reference_url":"https://github.com/advisories/GHSA-2pw2-qpcp-m47x","reference_id":"GHSA-2pw2-qpcp-m47x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2pw2-qpcp-m47x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82485?format=json","purl":"pkg:composer/silverstripe/framework@3.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5"}],"aliases":["CVE-2020-9311","GHSA-2pw2-qpcp-m47x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2f9j-ek3x-kbc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12481?format=json","vulnerability_id":"VCID-2rbk-47h6-d7d8","summary":"Business Logic Errors in GitHub repository silverstripe/silverstripe-framework","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2"},{"reference_url":"https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0227","reference_id":"CVE-2022-0227","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0227"},{"reference_url":"https://github.com/advisories/GHSA-32m2-9f76-4gv8","reference_id":"GHSA-32m2-9f76-4gv8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-32m2-9f76-4gv8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44747?format=json","purl":"pkg:composer/silverstripe/framework@4.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.1"}],"aliases":["CVE-2022-0227","GHSA-32m2-9f76-4gv8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2rbk-47h6-d7d8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19212?format=json","vulnerability_id":"VCID-35rh-ebhv-k3ds","summary":"Silverstripe IE requests not properly behaving with rewritehashlinks\nNon IE browsers don’t appear to be affected, but I haven’t tested a wide range of browsers to be sure \n\nRequests that come through from IE do NOT appear to encode all entities in the URL string, meaning they are inserted into output content directly by SSViewer::process() when rewriting hashlinks, as it directly outputs $_SERVER[‘REQUEST_URI’]\n\n**Example IE8 request**\n127.0.0.1 - - [18/Jun/2014:14:13:42 +1000] “GET /site/cars/brands/toyota?one=1\\”onmouseover=\\”alert(‘things’);\\” HTTP/1.1” 200\n\n**Example FF request**\n127.0.0.1 - - [18/Jun/2014:14:14:22 +1000] “GET /site/cars/brands/toyota?one=1\\%22onmouseover=\\%22alert(%27things%27);\\%22 HTTP/1.1” 200\n\nThis causes any hash anchor to have the JS code inserted into the page as-is.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2014-015-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2014-015-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/604c32871202064a4aa12c3b3fd58140231685e5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/604c32871202064a4aa12c3b3fd58140231685e5"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/bdef4fc7a548c7c243ff86f2db7c16f301a6f120","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/bdef4fc7a548c7c243ff86f2db7c16f301a6f120"},{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks"},{"reference_url":"https://github.com/advisories/GHSA-5f5v-5c3v-gw5v","reference_id":"GHSA-5f5v-5c3v-gw5v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5f5v-5c3v-gw5v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20765?format=json","purl":"pkg:composer/silverstripe/framework@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-a9qn-hsax-uke7"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-cq8a-jun5-q3hh"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gw2k-419z-t7h5"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-sr5y-b8d8-3yd6"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u2yt-tvtw-f3d6"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-v4g3-knhd-wqa7"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-yuu2-set7-fuet"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12"}],"aliases":["GHSA-5f5v-5c3v-gw5v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-35rh-ebhv-k3ds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7200?format=json","vulnerability_id":"VCID-3pwx-7wzy-qbdw","summary":"Insufficient sanitization in \"Add from URL\"\n\"Add from URL\" does not clearly sanitize URL server side in `HtmlEditorField_Toolbar`. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it's possible future changes would break this.","references":[{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2015-027/","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2015-027/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21252?format=json","purl":"pkg:composer/silverstripe/framework@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/150649?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2015-027"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3pwx-7wzy-qbdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7068?format=json","vulnerability_id":"VCID-3yq9-432a-p7bq","summary":"Cross-site Scripting\nXSS In GridField print.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-006/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-006/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20985?format=json","purl":"pkg:composer/silverstripe/framework@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-35rh-ebhv-k3ds"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-a9qn-hsax-uke7"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-cq8a-jun5-q3hh"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gw2k-419z-t7h5"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j5hb-hw1t-nkh3"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvfs-x2wd-p3h3"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-nmmv-bdq9-dued"},{"vulnerability":"VCID-nyz7-hhm1-yqat"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-r2k8-fccc-jfc2"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-sr5y-b8d8-3yd6"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u2yt-tvtw-f3d6"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-v4g3-knhd-wqa7"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-yuu2-set7-fuet"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zu16-xznb-s3c7"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/150649?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2015-006-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3yq9-432a-p7bq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11325?format=json","vulnerability_id":"VCID-414d-7bfm-kud7","summary":"Incorrect Authorization\nDefault SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28661","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38062","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38086","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38123","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38105","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37972","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38154","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38176","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38097","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28661"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/releases","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/releases"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28661","reference_id":"CVE-2021-28661","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28661"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2021-28661","reference_id":"CVE-2021-28661","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2021-28661"},{"reference_url":"https://github.com/advisories/GHSA-r7rh-g777-g5gx","reference_id":"GHSA-r7rh-g777-g5gx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7rh-g777-g5gx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23911?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3ydp-barm-5ya1"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-71cx-seqr-3fh5"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ete7-tupf-63c9"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-g3kz-796v-4qf1"},{"vulnerability":"VCID-j9tk-b3hv-q3c1"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kh99-kpkt-pqdq"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tzmx-hfk2-7ufr"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-v116-gayp-mbfu"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2"}],"aliases":["CVE-2021-28661","GHSA-r7rh-g777-g5gx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-414d-7bfm-kud7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17411?format=json","vulnerability_id":"VCID-4f9c-aun4-wfep","summary":"Missing Authorization\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22728","reference_id":"","reference_type":"","scores":[{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63885","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63903","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63936","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63949","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63937","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63919","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63869","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00457","scoring_system":"epss","scoring_elements":"0.63911","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22728"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2023-22728","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2023-22728"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22728","reference_id":"CVE-2023-22728","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22728"},{"reference_url":"https://github.com/advisories/GHSA-jh3w-6jp2-vqqm","reference_id":"GHSA-jh3w-6jp2-vqqm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jh3w-6jp2-vqqm"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm","reference_id":"GHSA-jh3w-6jp2-vqqm","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57348?format=json","purl":"pkg:composer/silverstripe/framework@4.12.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5"}],"aliases":["CVE-2023-22728","GHSA-jh3w-6jp2-vqqm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9c-aun4-wfep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53401?format=json","vulnerability_id":"VCID-4x32-t75c-u3bj","summary":"Silverstipe CMS Stored XSS in custom meta tags\nA malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut.\nThis requires CMS access to exploit.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37421","reference_id":"","reference_type":"","scores":[{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55233","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55208","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55232","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.5521","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55259","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.5526","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55272","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55251","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37421"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/"}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37421","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37421"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/"}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/"}],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2022-37421","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2022-37421"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2022-37421","reference_id":"CVE-2022-37421","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/"}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2022-37421"},{"reference_url":"https://github.com/advisories/GHSA-pp74-g2q5-j4jf","reference_id":"GHSA-pp74-g2q5-j4jf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pp74-g2q5-j4jf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/342277?format=json","purl":"pkg:composer/silverstripe/framework@4.11.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.3"}],"aliases":["CVE-2022-37421","GHSA-pp74-g2q5-j4jf","GMS-2022-6855"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4x32-t75c-u3bj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7305?format=json","vulnerability_id":"VCID-5k79-mfyz-xqhu","summary":"SS-2016-003: Hostname, IP and Protocol Spoofing through HTTP Headers","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-003/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-003/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21703?format=json","purl":"pkg:composer/silverstripe/framework@3.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/152953?format=json","purl":"pkg:composer/silverstripe/framework@3.2.0-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/21705?format=json","purl":"pkg:composer/silverstripe/framework@3.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/150649?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2016-003-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5k79-mfyz-xqhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18553?format=json","vulnerability_id":"VCID-5pkg-j4wg-7fcn","summary":"Improper Input Validation\nSilverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml"},{"reference_url":"https://github.com/github/advisory-database/pull/2575","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/advisory-database/pull/2575"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2023-32302","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2023-32302"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32302","reference_id":"CVE-2023-32302","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32302"},{"reference_url":"https://github.com/advisories/GHSA-36xx-7vf6-7mv3","reference_id":"GHSA-36xx-7vf6-7mv3","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-36xx-7vf6-7mv3"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3","reference_id":"GHSA-36xx-7vf6-7mv3","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59209?format=json","purl":"pkg:composer/silverstripe/framework@4.13.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.14"},{"url":"http://public2.vulnerablecode.io/api/packages/59210?format=json","purl":"pkg:composer/silverstripe/framework@5.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.0.13"}],"aliases":["CVE-2023-32302","GHSA-36xx-7vf6-7mv3"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5pkg-j4wg-7fcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51104?format=json","vulnerability_id":"VCID-6du5-hdvd-fueb","summary":"Session fixation in change password form\nSilverStripe through 4.3.3 allows session fixation in the \"change password\" form.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12203","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16985","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16838","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16897","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16943","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16817","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16969","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16911","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16823","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1704","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12203"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12203","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12203"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12203","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12203"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203/","reference_id":"CVE-2019-12203","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203/"},{"reference_url":"https://github.com/advisories/GHSA-w7r7-r8r9-vrg2","reference_id":"GHSA-w7r7-r8r9-vrg2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w7r7-r8r9-vrg2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79064?format=json","purl":"pkg:composer/silverstripe/framework@3.6.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-pffp-vtk7-pqby"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8"},{"url":"http://public2.vulnerablecode.io/api/packages/79063?format=json","purl":"pkg:composer/silverstripe/framework@3.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/193726?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-m8w1-g9h9-vuce"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/73303?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/73304?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-xw77-b18v-8kc4"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12203","GHSA-w7r7-r8r9-vrg2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6du5-hdvd-fueb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25920?format=json","vulnerability_id":"VCID-6epx-c68d-d7bv","summary":"Silverstripe Framework has a XSS in form messages\nIn some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message.\n\nSome form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability.\n\n### References\n\n- https://www.silverstripe.org/download/security-releases/cve-2024-53277\n\n## Reported by\n\nLeo Diamat from [Bastion Security Group](http://www.bastionsecurity.co.nz/)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53277","reference_id":"","reference_type":"","scores":[{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77739","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77755","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.7775","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77722","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77712","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77765","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77781","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53277"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53277","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53277"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2024-53277","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/"}],"url":"https://www.silverstripe.org/download/security-releases/cve-2024-53277"},{"reference_url":"https://github.com/advisories/GHSA-ff6q-3c9c-6cf5","reference_id":"GHSA-ff6q-3c9c-6cf5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ff6q-3c9c-6cf5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69179?format=json","purl":"pkg:composer/silverstripe/framework@5.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-qjgf-hxng-j3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/739694?format=json","purl":"pkg:composer/silverstripe/framework@6.0.0-alpha1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1"}],"aliases":["CVE-2024-53277","GHSA-ff6q-3c9c-6cf5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6epx-c68d-d7bv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7385?format=json","vulnerability_id":"VCID-6j2p-tzvx-9bdj","summary":"Missing CSRF protection in login form\n`LoginForm` calls `disableSecurityToken()`, which causes a \"shared host domain\" vulnerability.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989"},{"reference_url":"http://stackoverflow.com/a/15350123","reference_id":"","reference_type":"","scores":[],"url":"http://stackoverflow.com/a/15350123"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-006","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-006"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22313?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22311?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19"},{"url":"http://public2.vulnerablecode.io/api/packages/22317?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22315?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/22320?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22319?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4fez-w6cm-rkf5"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-006"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6j2p-tzvx-9bdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59683?format=json","vulnerability_id":"VCID-7dk3-gcup-2kc9","summary":"SilverStripe XXE Vulnerability in CSSContentParser\nSilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. (The correct CVE ID year is 2020 [CVE-2020-25817, not CVE-2021-25817]).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25817","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57361","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57362","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57391","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57409","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.5743","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57415","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.5728","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57385","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57413","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25817"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25817","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25817"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2021-25817","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2021-25817"},{"reference_url":"https://github.com/advisories/GHSA-3vjc-5x79-m9r8","reference_id":"GHSA-3vjc-5x79-m9r8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3vjc-5x79-m9r8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/251449?format=json","purl":"pkg:composer/silverstripe/framework@4.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/80943?format=json","purl":"pkg:composer/silverstripe/framework@4.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4"}],"aliases":["CVE-2020-25817","GHSA-3vjc-5x79-m9r8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7dk3-gcup-2kc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14328?format=json","vulnerability_id":"VCID-86yd-4mkt-hydr","summary":"Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter\n### Impact\nIf a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user.\n\n**Base CVSS:** [4.3](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C&version=3.1)\n**Reported by:** Nick K - LittleMonkey, [littlemonkey.co.nz](http://littlemonkey.co.nz/)\n\n### References\n- https://www.silverstripe.org/download/security-releases/CVE-2023-48714","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48714","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45378","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45371","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45369","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.454","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45359","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45379","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45323","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48714"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48714","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48714"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2023-48714","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/"}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2023-48714"},{"reference_url":"https://github.com/advisories/GHSA-qm2j-qvq3-j29v","reference_id":"GHSA-qm2j-qvq3-j29v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qm2j-qvq3-j29v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50544?format=json","purl":"pkg:composer/silverstripe/framework@4.13.39","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.39"},{"url":"http://public2.vulnerablecode.io/api/packages/50545?format=json","purl":"pkg:composer/silverstripe/framework@5.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.1.11"}],"aliases":["CVE-2023-48714","GHSA-qm2j-qvq3-j29v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-86yd-4mkt-hydr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7482?format=json","vulnerability_id":"VCID-8wbx-bvm9-jqcv","summary":"ChangePasswordForm doesn't check Member::canLogIn()\nAfter performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-011/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-011/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22961?format=json","purl":"pkg:composer/silverstripe/framework@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/22962?format=json","purl":"pkg:composer/silverstripe/framework@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/22998?format=json","purl":"pkg:composer/silverstripe/framework@3.4.10-stable","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.10-stable"},{"url":"http://public2.vulnerablecode.io/api/packages/156548?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-011"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8wbx-bvm9-jqcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25373?format=json","vulnerability_id":"VCID-a3yc-fxa1-gfhy","summary":"Silverstripe Framework has a XSS vulnerability in HTML editor\n### Impact\n\nA bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.\n\nThe server-side sanitisation logic has been updated to sanitise against this attack.\n\n### Reported by\n\nJames Nicoll from Fujitsu Cyber\n\n### References\n\n- https://www.silverstripe.org/download/security-releases/cve-2025-30148","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30148","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37948","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37914","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37901","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37851","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37974","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37868","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37893","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37929","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30148"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/pull/11682","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/pull/11682"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30148","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30148"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2025-30148","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/"}],"url":"https://www.silverstripe.org/download/security-releases/cve-2025-30148"},{"reference_url":"https://github.com/advisories/GHSA-rhx4-hvx9-j387","reference_id":"GHSA-rhx4-hvx9-j387","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rhx4-hvx9-j387"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68612?format=json","purl":"pkg:composer/silverstripe/framework@5.3.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.23"}],"aliases":["CVE-2025-30148","GHSA-rhx4-hvx9-j387"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a3yc-fxa1-gfhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7113?format=json","vulnerability_id":"VCID-a9qn-hsax-uke7","summary":"URL Redirection to Untrusted Site (Open Redirect)\nExternal redirection risk in `Security?ReturnURL`.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-012/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-012/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145581?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-cq8a-jun5-q3hh"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gw2k-419z-t7h5"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-sr5y-b8d8-3yd6"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u2yt-tvtw-f3d6"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-v4g3-knhd-wqa7"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-yuu2-set7-fuet"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/21117?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["SS-2015-012-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a9qn-hsax-uke7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8720?format=json","vulnerability_id":"VCID-ab5z-bqka-xudb","summary":"Injection Vulnerability\nIn the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18049","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43713","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43675","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43731","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43755","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43689","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43739","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43743","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43762","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.4373","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18049"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.exploit-db.com/exploits/43396","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/43396"},{"reference_url":"https://www.exploit-db.com/exploits/43396/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/43396/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-007","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-007"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18049","reference_id":"CVE-2017-18049","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18049"},{"reference_url":"https://github.com/advisories/GHSA-2jvj-mhf2-g99w","reference_id":"GHSA-2jvj-mhf2-g99w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2jvj-mhf2-g99w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167503?format=json","purl":"pkg:composer/silverstripe/framework@3.5.6-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-71cx-seqr-3fh5"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-g3kz-796v-4qf1"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kh99-kpkt-pqdq"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pffp-vtk7-pqby"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-v116-gayp-mbfu"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/26304?format=json","purl":"pkg:composer/silverstripe/framework@3.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pffp-vtk7-pqby"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/167506?format=json","purl":"pkg:composer/silverstripe/framework@3.6.3-rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-71cx-seqr-3fh5"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ff5q-59gf-nugg"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-g3kz-796v-4qf1"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kh99-kpkt-pqdq"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pffp-vtk7-pqby"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-v116-gayp-mbfu"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/26305?format=json","purl":"pkg:composer/silverstripe/framework@3.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ff5q-59gf-nugg"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pffp-vtk7-pqby"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/167507?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nes-cr3m-j3dv"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6xwk-ee7f-5ubd"},{"vulnerability":"VCID-71cx-seqr-3fh5"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c75p-3hdz-q3b6"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ff5q-59gf-nugg"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-g3kz-796v-4qf1"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-jx5m-bqc6-h3bv"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kxyq-vg6e-6uac"},{"vulnerability":"VCID-m8w1-g9h9-vuce"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p554-wkxw-gfdh"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qak9-2t7g-w3fv"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-v116-gayp-mbfu"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-xnb4-zjws-vuhu"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/26306?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nes-cr3m-j3dv"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c75p-3hdz-q3b6"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ff5q-59gf-nugg"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-jx5m-bqc6-h3bv"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kxyq-vg6e-6uac"},{"vulnerability":"VCID-m8w1-g9h9-vuce"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p554-wkxw-gfdh"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qak9-2t7g-w3fv"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-xnb4-zjws-vuhu"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"}],"aliases":["CVE-2017-18049","GHSA-2jvj-mhf2-g99w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ab5z-bqka-xudb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45965?format=json","vulnerability_id":"VCID-ajga-3b99-yugh","summary":"Authentication bypass in SilverStripe GraphQL\nThe GraphQL module accepts basic-auth as an authentication method by default. This can be used to bypass MFA authentication if the silverstripe/mfa module is installed, which is now a commonly installed module. A users password is still required though.\n\nBasic-auth has been removed as a default authentication method. If desired, it can be re-enabled by adding it to the authenticators key of a schema, or on SilverStripe\\Graphql\\Auth\\Handler","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26136","reference_id":"","reference_type":"","scores":[{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44182","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44176","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44208","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44193","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44188","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44118","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44137","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44206","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26136"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26136","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26136"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-26136","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-26136"},{"reference_url":"https://github.com/advisories/GHSA-mg2g-8pwj-r2j2","reference_id":"GHSA-mg2g-8pwj-r2j2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mg2g-8pwj-r2j2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/251449?format=json","purl":"pkg:composer/silverstripe/framework@4.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0"}],"aliases":["CVE-2020-26136","GHSA-mg2g-8pwj-r2j2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ajga-3b99-yugh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25895?format=json","vulnerability_id":"VCID-axxx-gpfn-mqc9","summary":"Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message\n> [!IMPORTANT]\n> This vulnerability only affects sites which are in the \"dev\" environment mode. If your production website is in \"dev\" mode, it has been misconfigured, and you should immediately swap it to \"live\" mode.\n> See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.\n\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.\n\n## References\n\n- https://www.silverstripe.org/download/security-releases/ss-2024-002\n\n## Reported by\n\nGaurav Nayak from [Chaleit](https://chaleit.com/)","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2024-002","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2024-002"},{"reference_url":"https://github.com/advisories/GHSA-mqf3-qpc3-g26q","reference_id":"GHSA-mqf3-qpc3-g26q","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mqf3-qpc3-g26q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69179?format=json","purl":"pkg:composer/silverstripe/framework@5.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-qjgf-hxng-j3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/739694?format=json","purl":"pkg:composer/silverstripe/framework@6.0.0-alpha1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1"}],"aliases":["GHSA-mqf3-qpc3-g26q"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-axxx-gpfn-mqc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51150?format=json","vulnerability_id":"VCID-bdcq-z11u-zyh5","summary":"Lack of access control on upoaded files\nSilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12245","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48744","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48814","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48806","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48832","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48815","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48818","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48763","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48809","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48783","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12245"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12245","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12245"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12245","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12245"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245/","reference_id":"CVE-2019-12245","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245/"},{"reference_url":"https://github.com/advisories/GHSA-jvx5-rm6q-gx7p","reference_id":"GHSA-jvx5-rm6q-gx7p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jvx5-rm6q-gx7p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79064?format=json","purl":"pkg:composer/silverstripe/framework@3.6.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-pffp-vtk7-pqby"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8"},{"url":"http://public2.vulnerablecode.io/api/packages/79063?format=json","purl":"pkg:composer/silverstripe/framework@3.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/193726?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-m8w1-g9h9-vuce"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/79091?format=json","purl":"pkg:composer/silverstripe/framework@4.3.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6"},{"url":"http://public2.vulnerablecode.io/api/packages/73304?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-xw77-b18v-8kc4"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12245","GHSA-jvx5-rm6q-gx7p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bdcq-z11u-zyh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8179?format=json","vulnerability_id":"VCID-c3vp-kc9a-vkhn","summary":"Cross-site Scripting\nSilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname.","references":[{"reference_url":"http://lists.openwall.net/full-disclosure/2017/09/14/2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openwall.net/full-disclosure/2017/09/14/2"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14498","reference_id":"","reference_type":"","scores":[{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59159","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59047","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59173","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.5919","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.5912","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59143","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59108","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59172","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14498"},{"reference_url":"https://docs.silverstripe.org/en/3/changelogs/3.6.1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.silverstripe.org/en/3/changelogs/3.6.1"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a"},{"reference_url":"https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14498","reference_id":"CVE-2017-14498","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14498"},{"reference_url":"https://github.com/advisories/GHSA-j696-6m57-mcrv","reference_id":"GHSA-j696-6m57-mcrv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j696-6m57-mcrv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/164562?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-71cx-seqr-3fh5"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ff5q-59gf-nugg"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-g3kz-796v-4qf1"},{"vulnerability":"VCID-j9tk-b3hv-q3c1"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kh99-kpkt-pqdq"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pffp-vtk7-pqby"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-v116-gayp-mbfu"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2"},{"url":"http://public2.vulnerablecode.io/api/packages/24698?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-71cx-seqr-3fh5"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ff5q-59gf-nugg"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-g3kz-796v-4qf1"},{"vulnerability":"VCID-j9tk-b3hv-q3c1"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kh99-kpkt-pqdq"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pffp-vtk7-pqby"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-v116-gayp-mbfu"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1"}],"aliases":["CVE-2017-14498","GHSA-j696-6m57-mcrv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c3vp-kc9a-vkhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20043?format=json","vulnerability_id":"VCID-cc1b-b6sm-zbcw","summary":"Silverstripe Form field validation message XSS vulnerability\nA high level XSS risk has been identified in the encoding of validation messages in certain FormField classes.\n\nCertain fields such as the NumericField and DropdownField have been identified, but any form field which presents any invalid content as a part of its validation response will be at risk.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-026-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-026-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/245e0aae2f5f3eb0acba1d198ad8e196bb224462","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/245e0aae2f5f3eb0acba1d198ad8e196bb224462"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/bc1b2893accba6401c03f9ea3b0cbc4621c7a02c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/bc1b2893accba6401c03f9ea3b0cbc4621c7a02c"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2015-026","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2015-026"},{"reference_url":"https://github.com/advisories/GHSA-j982-5jv7-v43r","reference_id":"GHSA-j982-5jv7-v43r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j982-5jv7-v43r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21275?format=json","purl":"pkg:composer/silverstripe/framework@3.1.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.16"},{"url":"http://public2.vulnerablecode.io/api/packages/21252?format=json","purl":"pkg:composer/silverstripe/framework@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1"}],"aliases":["GHSA-j982-5jv7-v43r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cc1b-b6sm-zbcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19533?format=json","vulnerability_id":"VCID-cd1f-emnn-zkbe","summary":"Silverstripe XSS in TreeDropdownField and TreeMultiSelectField\nA cross-site scripting vulnerability has been discovered in the TreeDropdownField and TreeMultiSelectField.\n\nThis vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the dataobjects used as a data source for either of these fields.\n\nThis has been resolved by ensuring that all dataobjects used as a data source have their content safely encoded.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-004-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-004-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/89c14d079d3a130d6c4029af596262528ce53925","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/89c14d079d3a130d6c4029af596262528ce53925"},{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-004","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-004"},{"reference_url":"https://github.com/advisories/GHSA-r32j-mr8p-hfp8","reference_id":"GHSA-r32j-mr8p-hfp8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r32j-mr8p-hfp8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20985?format=json","purl":"pkg:composer/silverstripe/framework@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-35rh-ebhv-k3ds"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-a9qn-hsax-uke7"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-cq8a-jun5-q3hh"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gw2k-419z-t7h5"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j5hb-hw1t-nkh3"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvfs-x2wd-p3h3"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-nmmv-bdq9-dued"},{"vulnerability":"VCID-nyz7-hhm1-yqat"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-r2k8-fccc-jfc2"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-sr5y-b8d8-3yd6"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u2yt-tvtw-f3d6"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-v4g3-knhd-wqa7"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-yuu2-set7-fuet"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zu16-xznb-s3c7"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10"}],"aliases":["GHSA-r32j-mr8p-hfp8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cd1f-emnn-zkbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10759?format=json","vulnerability_id":"VCID-cdgj-bdpy-ukak","summary":"Cross-Site Request Forgery (CSRF)\nCross Site Request Forgery (CSRF) Protection Bypass in GraphQL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12437","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42063","published_at":"2026-04-01T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42112","published_at":"2026-04-13T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42138","published_at":"2026-04-12T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42175","published_at":"2026-04-11T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42153","published_at":"2026-04-09T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42142","published_at":"2026-04-08T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42091","published_at":"2026-04-07T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42152","published_at":"2026-04-04T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42124","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12437"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12437","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12437"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12437","reference_id":"CVE-2019-12437","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12437"},{"reference_url":"https://github.com/advisories/GHSA-fx37-56v6-85q6","reference_id":"GHSA-fx37-56v6-85q6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fx37-56v6-85q6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/193726?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-m8w1-g9h9-vuce"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"}],"aliases":["CVE-2019-12437","GHSA-fx37-56v6-85q6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cdgj-bdpy-ukak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19859?format=json","vulnerability_id":"VCID-cg3k-vmk4-5kdb","summary":"silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL\nIn follow up to [SS-2016-001](https://www.silverstripe.org/download/security-releases/ss-2016-001/) there is yet a minor unresolved fix to incorrectly encoded URL.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-016-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-016-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/6b123fe1c93d3ac976f484192abc31cad4f81d47","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/6b123fe1c93d3ac976f484192abc31cad4f81d47"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-016","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-016"},{"reference_url":"https://github.com/advisories/GHSA-r85g-7jpv-8xrx","reference_id":"GHSA-r85g-7jpv-8xrx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r85g-7jpv-8xrx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23305?format=json","purl":"pkg:composer/silverstripe/framework@3.1.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/23306?format=json","purl":"pkg:composer/silverstripe/framework@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/23307?format=json","purl":"pkg:composer/silverstripe/framework@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/23308?format=json","purl":"pkg:composer/silverstripe/framework@3.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3ydp-barm-5ya1"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-bmqt-5ybj-kuf6"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ete7-tupf-63c9"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tzmx-hfk2-7ufr"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2"}],"aliases":["GHSA-r85g-7jpv-8xrx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cg3k-vmk4-5kdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7112?format=json","vulnerability_id":"VCID-cq8a-jun5-q3hh","summary":"Potential SQL Injection Vulnerability in silverstripe.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-011/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-011/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21117?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"},{"url":"http://public2.vulnerablecode.io/api/packages/150649?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2015-011-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cq8a-jun5-q3hh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19392?format=json","vulnerability_id":"VCID-dg5e-tkef-buab","summary":"Silverstripe framework is vulnerable to XSS in install.php\nDuring installation, certain parameters (admin_username and admin_password) are not escaped in the setup form.\n\nThis issue is resolved in 3.1.14 stable, although existing users are advised to remove this file prior to deploying to a production server.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-016-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-016-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/4c73721bab0d543eee6137e3c00aa8ec727e95d1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/4c73721bab0d543eee6137e3c00aa8ec727e95d1"},{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-016","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-016"},{"reference_url":"https://github.com/advisories/GHSA-mqf5-275h-gf6r","reference_id":"GHSA-mqf5-275h-gf6r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mqf5-275h-gf6r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21211?format=json","purl":"pkg:composer/silverstripe/framework@3.1.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14"}],"aliases":["GHSA-mqf5-275h-gf6r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dg5e-tkef-buab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7386?format=json","vulnerability_id":"VCID-dgn7-zmwr-u3c6","summary":"CSRF vulnerability in savetreenodes\n`savetreenode` action does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2015-029","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2015-029"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22313?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22311?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19"},{"url":"http://public2.vulnerablecode.io/api/packages/22317?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22315?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/22320?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22319?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4fez-w6cm-rkf5"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2015-029"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dgn7-zmwr-u3c6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7197?format=json","vulnerability_id":"VCID-dq8q-6agw-g3d5","summary":"Improper Input Validation\n`HtmlEditor` improper URL sanitisation.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2015-027/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2015-027/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21252?format=json","purl":"pkg:composer/silverstripe/framework@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/150649?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2015-027-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dq8q-6agw-g3d5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7481?format=json","vulnerability_id":"VCID-dx5f-g875-5bct","summary":"Pre-existing alc_enc cookies log users in if remember me is disabled\nIf remember me is on and users log in with the box checked, if the developer then disabled \"remember me\" function, any pre-existing cookies will continue to authenticate users.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-014/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-014/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22960?format=json","purl":"pkg:composer/silverstripe/framework@3.1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20"},{"url":"http://public2.vulnerablecode.io/api/packages/22961?format=json","purl":"pkg:composer/silverstripe/framework@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/22962?format=json","purl":"pkg:composer/silverstripe/framework@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/22963?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3ydp-barm-5ya1"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-bmqt-5ybj-kuf6"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ete7-tupf-63c9"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tzmx-hfk2-7ufr"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/156548?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-014"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dx5f-g875-5bct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19994?format=json","vulnerability_id":"VCID-eaqw-9k5p-pybr","summary":"Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter\nGridField does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites. Amongst other default CMS interfaces, GridField is used for management of groups, users and permissions in the CMS.\n\nThe resolution for this issue is to ensure that all gridFieldAlterAction submissions are checked for the SecurityID token during submission.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-002-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-002-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/013524af5069bb0cf909853f04418d9bef56d18c","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/013524af5069bb0cf909853f04418d9bef56d18c"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/56e92f5a32e45849cc9361c8603c31d7010c9d36","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/56e92f5a32e45849cc9361c8603c31d7010c9d36"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/e2c77c5a8f13e901c51a3684210811559b592f0c","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/e2c77c5a8f13e901c51a3684210811559b592f0c"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-002","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-002"},{"reference_url":"https://github.com/advisories/GHSA-2hpc-mf4q-j885","reference_id":"GHSA-2hpc-mf4q-j885","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2hpc-mf4q-j885"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21703?format=json","purl":"pkg:composer/silverstripe/framework@3.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/61364?format=json","purl":"pkg:composer/silverstripe/framework@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/21705?format=json","purl":"pkg:composer/silverstripe/framework@3.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0"}],"aliases":["GHSA-2hpc-mf4q-j885"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eaqw-9k5p-pybr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33514?format=json","vulnerability_id":"VCID-eddc-w9wx-c3gq","summary":"Broken access control on files\nIn SilverStripe assets 4.0, there is broken access control on files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14273","reference_id":"","reference_type":"","scores":[{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56436","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56462","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56481","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56506","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56495","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.5649","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.5644","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56458","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56338","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14273"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14273","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14273"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14273","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14273"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-43jj-2rwc-2m3f","reference_id":"GHSA-43jj-2rwc-2m3f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-43jj-2rwc-2m3f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167507?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nes-cr3m-j3dv"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6xwk-ee7f-5ubd"},{"vulnerability":"VCID-71cx-seqr-3fh5"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c75p-3hdz-q3b6"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ff5q-59gf-nugg"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-g3kz-796v-4qf1"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-jx5m-bqc6-h3bv"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kxyq-vg6e-6uac"},{"vulnerability":"VCID-m8w1-g9h9-vuce"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p554-wkxw-gfdh"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qak9-2t7g-w3fv"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-v116-gayp-mbfu"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-xnb4-zjws-vuhu"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/26306?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nes-cr3m-j3dv"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c75p-3hdz-q3b6"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ff5q-59gf-nugg"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-jx5m-bqc6-h3bv"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kxyq-vg6e-6uac"},{"vulnerability":"VCID-m8w1-g9h9-vuce"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p554-wkxw-gfdh"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qak9-2t7g-w3fv"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-xnb4-zjws-vuhu"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/73303?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/73304?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-xw77-b18v-8kc4"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-14273","GHSA-43jj-2rwc-2m3f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eddc-w9wx-c3gq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7168?format=json","vulnerability_id":"VCID-ehd6-y3gw-fufu","summary":"Cross-site Scripting\nXSS in `install.php`.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-016/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-016/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21211?format=json","purl":"pkg:composer/silverstripe/framework@3.1.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14"},{"url":"http://public2.vulnerablecode.io/api/packages/152953?format=json","purl":"pkg:composer/silverstripe/framework@3.2.0-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1"}],"aliases":["SS-2015-016-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ehd6-y3gw-fufu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53327?format=json","vulnerability_id":"VCID-enkd-4y44-4ueq","summary":"FormField with square brackets in field name skips validation\nFileField with array notation skips validation\n\nThe FileField class is commonly used for file upload in custom code on a Silverstripe website. This field is designed to be used with a single file upload.\n\nPHP allows for submitting multiple values by adding square brackets to the field name. When this is done to a FileField, it will be coerced into allowing multiple files by using this notation. This is not a supported feature, though nothing is done to prevent this.\n\nIn this scenario, validation such as limiting allowed extensions is not applied, and the FileField->saveInto() behaviour is not triggered. If custom controller logic is used to process the file uploads, it might implicitly rely on validation to be provided by the Form system, which is not the case.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26138","reference_id":"","reference_type":"","scores":[{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52598","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52539","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52566","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52532","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52584","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52578","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52629","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52612","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52493","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26138"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26138","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26138"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138/","reference_id":"CVE-2020-26138","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138/"},{"reference_url":"https://github.com/advisories/GHSA-7mv4-4xpg-xq44","reference_id":"GHSA-7mv4-4xpg-xq44","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7mv4-4xpg-xq44"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/251449?format=json","purl":"pkg:composer/silverstripe/framework@4.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/80943?format=json","purl":"pkg:composer/silverstripe/framework@4.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4"}],"aliases":["CVE-2020-26138","GHSA-7mv4-4xpg-xq44"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-enkd-4y44-4ueq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7064?format=json","vulnerability_id":"VCID-f7pc-s4mk-r7br","summary":"Cross-site Scripting\nXSS In FormAction.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-007/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-007/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20985?format=json","purl":"pkg:composer/silverstripe/framework@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-35rh-ebhv-k3ds"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-a9qn-hsax-uke7"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-cq8a-jun5-q3hh"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gw2k-419z-t7h5"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j5hb-hw1t-nkh3"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvfs-x2wd-p3h3"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-nmmv-bdq9-dued"},{"vulnerability":"VCID-nyz7-hhm1-yqat"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-r2k8-fccc-jfc2"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-sr5y-b8d8-3yd6"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u2yt-tvtw-f3d6"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-v4g3-knhd-wqa7"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-yuu2-set7-fuet"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zu16-xznb-s3c7"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/150649?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2015-007-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f7pc-s4mk-r7br"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7203?format=json","vulnerability_id":"VCID-fff2-h9gn-9qhu","summary":"XSS vulnerability in form field validation\nA high level XSS risk has been identified in the encoding of validation messages in certain FormField classes. Certain fields such as the `NumericField` and `DropdownField` have been identified, but any form field which presents any invalid content as a part of its validation response will be at risk.","references":[{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2015-026/","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2015-026/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21275?format=json","purl":"pkg:composer/silverstripe/framework@3.1.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.16"},{"url":"http://public2.vulnerablecode.io/api/packages/152953?format=json","purl":"pkg:composer/silverstripe/framework@3.2.0-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/21252?format=json","purl":"pkg:composer/silverstripe/framework@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/150649?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2015-026"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fff2-h9gn-9qhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51114?format=json","vulnerability_id":"VCID-fpb7-5pwu-tyg5","summary":"SilverStripe Priviledge escalation through cache pollution\nIn SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12617","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.5359","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53674","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53708","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53659","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53661","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.5361","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53642","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53614","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53691","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12617"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12617","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12617"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12617","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12617"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617/","reference_id":"CVE-2019-12617","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617/"},{"reference_url":"https://github.com/advisories/GHSA-6r58-4xgr-gm6m","reference_id":"GHSA-6r58-4xgr-gm6m","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6r58-4xgr-gm6m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/193726?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-m8w1-g9h9-vuce"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/73303?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/73304?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-xw77-b18v-8kc4"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12617","GHSA-6r58-4xgr-gm6m"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fpb7-5pwu-tyg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57519?format=json","vulnerability_id":"VCID-fyxa-vzeq-ubeq","summary":"SilverStripe Web Cache Poisoning through HTTPRequestBuilder\nSilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19326","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43357","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43362","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43377","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43409","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43389","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43374","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43322","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43384","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.433","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19326"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19326","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19326"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-19326","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-19326"},{"reference_url":"https://github.com/advisories/GHSA-q9ff-3q93-fm8m","reference_id":"GHSA-q9ff-3q93-fm8m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q9ff-3q93-fm8m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82485?format=json","purl":"pkg:composer/silverstripe/framework@3.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/82300?format=json","purl":"pkg:composer/silverstripe/framework@4.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7"},{"url":"http://public2.vulnerablecode.io/api/packages/82301?format=json","purl":"pkg:composer/silverstripe/framework@4.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4"}],"aliases":["CVE-2019-19326","GHSA-q9ff-3q93-fm8m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fyxa-vzeq-ubeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7114?format=json","vulnerability_id":"VCID-gw2k-419z-t7h5","summary":"Code Injection\nVulnerability on `isDev`, `isTest` and `flush` `$_GET` validation.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-014/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-014/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21117?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"},{"url":"http://public2.vulnerablecode.io/api/packages/150649?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2015-014-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gw2k-419z-t7h5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7478?format=json","vulnerability_id":"VCID-hgkh-tcdc-ufd5","summary":"Missing ACL on reports\nThe `SS_Report`, and the reports CMS section only checks `canView()` when listing the reports that can be viewed by the current user. It does not (and should) perform `canView` checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-012/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-012/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22960?format=json","purl":"pkg:composer/silverstripe/framework@3.1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20"},{"url":"http://public2.vulnerablecode.io/api/packages/22961?format=json","purl":"pkg:composer/silverstripe/framework@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/22962?format=json","purl":"pkg:composer/silverstripe/framework@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/22963?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3ydp-barm-5ya1"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-bmqt-5ybj-kuf6"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ete7-tupf-63c9"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tzmx-hfk2-7ufr"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/156548?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-012"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hgkh-tcdc-ufd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7085?format=json","vulnerability_id":"VCID-j5hb-hw1t-nkh3","summary":"Cross-site Scripting\nXSS in `Director::force_redirect()`.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20765?format=json","purl":"pkg:composer/silverstripe/framework@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-a9qn-hsax-uke7"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-cq8a-jun5-q3hh"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gw2k-419z-t7h5"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-sr5y-b8d8-3yd6"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u2yt-tvtw-f3d6"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-v4g3-knhd-wqa7"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-yuu2-set7-fuet"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/150649?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2015-010-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j5hb-hw1t-nkh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7835?format=json","vulnerability_id":"VCID-j6ze-f76y-cqgy","summary":"Cross-site Scripting\nThere is an XSS in SilverStripe CMS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5197","reference_id":"","reference_type":"","scores":[{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49955","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49941","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49943","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49972","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49953","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.4996","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49891","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49928","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49905","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5197"},{"reference_url":"https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"http://www.securityfocus.com/bid/96572","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/96572"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5197","reference_id":"CVE-2017-5197","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5197"},{"reference_url":"https://github.com/advisories/GHSA-xmjh-wjc5-wg4h","reference_id":"GHSA-xmjh-wjc5-wg4h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xmjh-wjc5-wg4h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23844?format=json","purl":"pkg:composer/silverstripe/framework@3.4.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3ydp-barm-5ya1"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-bmqt-5ybj-kuf6"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ete7-tupf-63c9"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tzmx-hfk2-7ufr"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/23910?format=json","purl":"pkg:composer/silverstripe/framework@3.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3ydp-barm-5ya1"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ete7-tupf-63c9"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tzmx-hfk2-7ufr"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/23845?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3ydp-barm-5ya1"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-71cx-seqr-3fh5"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-bmqt-5ybj-kuf6"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ete7-tupf-63c9"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-g3kz-796v-4qf1"},{"vulnerability":"VCID-j9tk-b3hv-q3c1"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kh99-kpkt-pqdq"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tzmx-hfk2-7ufr"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-v116-gayp-mbfu"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/23911?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3ydp-barm-5ya1"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-71cx-seqr-3fh5"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ete7-tupf-63c9"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-g3kz-796v-4qf1"},{"vulnerability":"VCID-j9tk-b3hv-q3c1"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kh99-kpkt-pqdq"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tzmx-hfk2-7ufr"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-v116-gayp-mbfu"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2"}],"aliases":["CVE-2017-5197","GHSA-xmjh-wjc5-wg4h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j6ze-f76y-cqgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7485?format=json","vulnerability_id":"VCID-k7bb-y315-4qb6","summary":"XSS In OptionsetField and CheckboxSetField\nList of key / value pairs assigned to `OptionsetField` or `CheckboxSetField` do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-015/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-015/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22960?format=json","purl":"pkg:composer/silverstripe/framework@3.1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20"},{"url":"http://public2.vulnerablecode.io/api/packages/22961?format=json","purl":"pkg:composer/silverstripe/framework@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/22962?format=json","purl":"pkg:composer/silverstripe/framework@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/22963?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3ydp-barm-5ya1"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-bmqt-5ybj-kuf6"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ete7-tupf-63c9"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tzmx-hfk2-7ufr"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/156548?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-015"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k7bb-y315-4qb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17786?format=json","vulnerability_id":"VCID-kak1-btjp-kqgz","summary":"Silverstripe uses TinyMCE which allows svg files linked in object tags\n### Impact\nTinyMCE v6 has a configuration value `convert_unsafe_embeds` set to `false` which allows svg files containing javascript to be used in `<object>` or `<embed>` tags, which can be used as a vector for XSS attacks.\n\nNote that `<embed>` tags are not allowed by default.\n\nAfter patching the default value of `convert_unsafe_embeds` will be set to `true`. This means that `<object>` tags will be converted to iframes instead the next time the page is saved, which may break any pages that rely upon previously saved `<object>` tags. Developers can override this configuration if desired to revert to the original behaviour.\n\nWe reviewed the potential impact of this vulnerability within the context of Silverstripe CMS. We concluded this is a medium impact vulnerability given how TinyMCE is used by Silverstripe CMS.\n\n### References:\n- https://www.silverstripe.org/download/security-releases/ss-2024-001\n- https://github.com/advisories/GHSA-5359-pvf2-pw78","references":[{"reference_url":"https://github.com/advisories/GHSA-5359-pvf2-pw78","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5359-pvf2-pw78"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2024-001","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2024-001"},{"reference_url":"https://github.com/advisories/GHSA-52cw-pvq9-9m5v","reference_id":"GHSA-52cw-pvq9-9m5v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-52cw-pvq9-9m5v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57580?format=json","purl":"pkg:composer/silverstripe/framework@5.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16"}],"aliases":["GHSA-52cw-pvq9-9m5v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kak1-btjp-kqgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8357?format=json","vulnerability_id":"VCID-kdyk-rrrr-pufw","summary":"Information Exposure\nResponse discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12849","reference_id":"","reference_type":"","scores":[{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45872","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45873","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45866","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45896","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45785","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45874","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45878","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.4585","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45822","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12849"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-005","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-005"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:3.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:silverstripe:silverstripe:3.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:3.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12849","reference_id":"CVE-2017-12849","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12849"},{"reference_url":"https://github.com/advisories/GHSA-fwhr-g5r4-xgxf","reference_id":"GHSA-fwhr-g5r4-xgxf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fwhr-g5r4-xgxf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/165356?format=json","purl":"pkg:composer/silverstripe/framework@3.5.5-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-71cx-seqr-3fh5"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-g3kz-796v-4qf1"},{"vulnerability":"VCID-j9tk-b3hv-q3c1"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kh99-kpkt-pqdq"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-v116-gayp-mbfu"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/25037?format=json","purl":"pkg:composer/silverstripe/framework@3.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-71cx-seqr-3fh5"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-g3kz-796v-4qf1"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kh99-kpkt-pqdq"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pffp-vtk7-pqby"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-v116-gayp-mbfu"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/164562?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-71cx-seqr-3fh5"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ff5q-59gf-nugg"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-g3kz-796v-4qf1"},{"vulnerability":"VCID-j9tk-b3hv-q3c1"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kh99-kpkt-pqdq"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pffp-vtk7-pqby"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-v116-gayp-mbfu"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2"},{"url":"http://public2.vulnerablecode.io/api/packages/24698?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-71cx-seqr-3fh5"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ff5q-59gf-nugg"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-g3kz-796v-4qf1"},{"vulnerability":"VCID-j9tk-b3hv-q3c1"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kh99-kpkt-pqdq"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pffp-vtk7-pqby"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-v116-gayp-mbfu"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1"}],"aliases":["CVE-2017-12849","GHSA-fwhr-g5r4-xgxf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kdyk-rrrr-pufw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19403?format=json","vulnerability_id":"VCID-krjm-ygks-wyct","summary":"silverstripe/framework ReadOnly transformation for formfields exploitable\nForm fields returning isReadonly() as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeField_Readonly. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default.\n\nSilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and doesn't overwrite data on form construction.\n\nReadonly and disabled form fields are already filtered out in Form->saveInto(), so maliciously submitted data on these fields doesn't make it into the database unless you are accessing form values directly in your saving logic.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-010-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-010-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/8336cb96b9600dacafa8a525c92662345b52cfae","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/8336cb96b9600dacafa8a525c92662345b52cfae"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-010","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-010"},{"reference_url":"https://github.com/advisories/GHSA-97jm-g33h-f46g","reference_id":"GHSA-97jm-g33h-f46g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-97jm-g33h-f46g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23305?format=json","purl":"pkg:composer/silverstripe/framework@3.1.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/23306?format=json","purl":"pkg:composer/silverstripe/framework@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/23307?format=json","purl":"pkg:composer/silverstripe/framework@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/23308?format=json","purl":"pkg:composer/silverstripe/framework@3.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3ydp-barm-5ya1"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-bmqt-5ybj-kuf6"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ete7-tupf-63c9"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tzmx-hfk2-7ufr"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2"}],"aliases":["GHSA-97jm-g33h-f46g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-krjm-ygks-wyct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7086?format=json","vulnerability_id":"VCID-kvfs-x2wd-p3h3","summary":"IE requests issue\nIE requests not properly behaving with `rewritehashlinks`.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2014-015-ie-requests-not-properly-behaving-with-rewritehashlinks/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20765?format=json","purl":"pkg:composer/silverstripe/framework@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-a9qn-hsax-uke7"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-cq8a-jun5-q3hh"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gw2k-419z-t7h5"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-sr5y-b8d8-3yd6"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u2yt-tvtw-f3d6"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-v4g3-knhd-wqa7"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-yuu2-set7-fuet"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/150649?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2014-015-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kvfs-x2wd-p3h3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25884?format=json","vulnerability_id":"VCID-kvhv-9fj5-7kgk","summary":"Silverstripe Framework has a XSS via insert media remote file oembed\n### Impact\n\nWhen using the \"insert media\" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website.\n\n## References\n\n- https://www.silverstripe.org/download/security-releases/cve-2024-47605\n\n## Reported by\n\nJames Nicoll from [Fujitsu Cyber Security Services](https://www.fujitsu.com/nz/services/security/)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47605","reference_id":"","reference_type":"","scores":[{"value":"0.0398","scoring_system":"epss","scoring_elements":"0.88367","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0398","scoring_system":"epss","scoring_elements":"0.884","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0398","scoring_system":"epss","scoring_elements":"0.88408","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0398","scoring_system":"epss","scoring_elements":"0.88397","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0398","scoring_system":"epss","scoring_elements":"0.88391","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0398","scoring_system":"epss","scoring_elements":"0.88372","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0398","scoring_system":"epss","scoring_elements":"0.88353","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47605"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/"}],"url":"https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47605","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47605"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2024-47605","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/"}],"url":"https://www.silverstripe.org/download/security-releases/cve-2024-47605"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt","reference_id":"CVE-2024-47605","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt"},{"reference_url":"https://github.com/advisories/GHSA-7cmp-cgg8-4c82","reference_id":"GHSA-7cmp-cgg8-4c82","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7cmp-cgg8-4c82"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69179?format=json","purl":"pkg:composer/silverstripe/framework@5.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-qjgf-hxng-j3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/739694?format=json","purl":"pkg:composer/silverstripe/framework@6.0.0-alpha1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1"}],"aliases":["CVE-2024-47605","GHSA-7cmp-cgg8-4c82"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kvhv-9fj5-7kgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25962?format=json","vulnerability_id":"VCID-kw9p-5fbc-hudg","summary":"Reflected Cross Site Scripting (XSS) in error message\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2024-002","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2024-002"},{"reference_url":"https://github.com/advisories/GHSA-74j9-xhqr-6qv3","reference_id":"GHSA-74j9-xhqr-6qv3","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-74j9-xhqr-6qv3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69179?format=json","purl":"pkg:composer/silverstripe/framework@5.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-qjgf-hxng-j3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8"}],"aliases":["GHSA-74j9-xhqr-6qv3"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kw9p-5fbc-hudg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54007?format=json","vulnerability_id":"VCID-kxa8-dmva-ayff","summary":"Quadratic blowup in Convert::xml2array()\nSilverstripe silverstripe/framework 4.x until 4.10.9 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41559","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57282","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57393","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57411","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57432","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57417","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57414","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57363","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57387","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57364","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41559"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/releases"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41559","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41559"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2021-41559","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2021-41559"},{"reference_url":"https://github.com/advisories/GHSA-9fmg-89fx-r33w","reference_id":"GHSA-9fmg-89fx-r33w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9fmg-89fx-r33w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81457?format=json","purl":"pkg:composer/silverstripe/framework@4.10.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.9"},{"url":"http://public2.vulnerablecode.io/api/packages/319025?format=json","purl":"pkg:composer/silverstripe/framework@4.11.0-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.0-beta1"}],"aliases":["CVE-2021-41559","GHSA-9fmg-89fx-r33w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxa8-dmva-ayff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15522?format=json","vulnerability_id":"VCID-kz63-ftzc-tudk","summary":"Silverstripe CMS Open Redirect\nOpen redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.","references":[{"reference_url":"http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt"},{"reference_url":"http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5062","reference_id":"","reference_type":"","scores":[{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57349","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.5722","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57302","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57369","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57325","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.573","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57354","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57352","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57327","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5062"},{"reference_url":"https://web.archive.org/web/20200228091958/http://www.securityfocus.com/bid/75419","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228091958/http://www.securityfocus.com/bid/75419"},{"reference_url":"https://web.archive.org/web/20201209000421/http://www.securityfocus.com/archive/1/535716/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201209000421/http://www.securityfocus.com/archive/1/535716/100/0/threaded"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5062","reference_id":"CVE-2015-5062","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5062"},{"reference_url":"https://github.com/advisories/GHSA-fh35-p8ph-p545","reference_id":"GHSA-fh35-p8ph-p545","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fh35-p8ph-p545"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/152952?format=json","purl":"pkg:composer/silverstripe/framework@3.1.14-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14-rc1"}],"aliases":["CVE-2015-5062","GHSA-fh35-p8ph-p545"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kz63-ftzc-tudk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6995?format=json","vulnerability_id":"VCID-mys2-zz4g-kygp","summary":"Uncontrolled Resource Consumption\nXML Quadratic Blowup vulnerability.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20765?format=json","purl":"pkg:composer/silverstripe/framework@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-a9qn-hsax-uke7"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-cq8a-jun5-q3hh"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gw2k-419z-t7h5"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-sr5y-b8d8-3yd6"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u2yt-tvtw-f3d6"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-v4g3-knhd-wqa7"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-yuu2-set7-fuet"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/150649?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2014-017-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mys2-zz4g-kygp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19031?format=json","vulnerability_id":"VCID-nmmv-bdq9-dued","summary":"Silverstripe XSS in Director::force_redirect()\nA low level XSS vulnerability has been found in the Framework affecting http redirection via the Director::force_redirect method.\n\nAttempts to redirect to a url may generate HTML which is not safely escaped, and may pose a risk of XSS in some environments.\n\nThis vulnerability is marked low as it is difficult to exploit, as any injected HTML will only be returned from the server if the Location HTTP header is also sent, meaning that any user browsing the site would not be exposed to the body of the response before their browser redirects them.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-010-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-010-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/ee9bddb808df6d27db4d56bb5d522dcfe6788715","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/ee9bddb808df6d27db4d56bb5d522dcfe6788715"},{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-010-xss-in-directorforce-redirect"},{"reference_url":"https://github.com/advisories/GHSA-jqp8-v74p-g8px","reference_id":"GHSA-jqp8-v74p-g8px","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jqp8-v74p-g8px"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20765?format=json","purl":"pkg:composer/silverstripe/framework@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-a9qn-hsax-uke7"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-cq8a-jun5-q3hh"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gw2k-419z-t7h5"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-sr5y-b8d8-3yd6"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u2yt-tvtw-f3d6"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-v4g3-knhd-wqa7"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-yuu2-set7-fuet"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12"}],"aliases":["GHSA-jqp8-v74p-g8px"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmmv-bdq9-dued"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20014?format=json","vulnerability_id":"VCID-nyz7-hhm1-yqat","summary":"Silverstripe XSS In rewritten hash links\nA high level XSS vulnerability has been discovered in the SilverStripe framework which causes links containing hash anchors (E.g. href=\"#anchor\") to be rewritten in an unsafe way.\n\nThe rewriteHashlinks option on SSViewer will rewrite these to contain the current url, although without adequate escaping, meaning that HTML could be injected via injecting unsafe values to any page via the querystring.\n\nDue to the nature of this issue it is likely that a large number of SilverStripe sites are affected.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-009-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-009-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/604c32871202064a4aa12c3b3fd58140231685e5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/604c32871202064a4aa12c3b3fd58140231685e5"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/bdef4fc7a548c7c243ff86f2db7c16f301a6f120","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/bdef4fc7a548c7c243ff86f2db7c16f301a6f120"},{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links"},{"reference_url":"https://github.com/advisories/GHSA-34q6-xqxh-gq39","reference_id":"GHSA-34q6-xqxh-gq39","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-34q6-xqxh-gq39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20765?format=json","purl":"pkg:composer/silverstripe/framework@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-a9qn-hsax-uke7"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-cq8a-jun5-q3hh"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gw2k-419z-t7h5"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-sr5y-b8d8-3yd6"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u2yt-tvtw-f3d6"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-v4g3-knhd-wqa7"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-yuu2-set7-fuet"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12"}],"aliases":["GHSA-34q6-xqxh-gq39"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nyz7-hhm1-yqat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10566?format=json","vulnerability_id":"VCID-p2kq-rkh6-ayeu","summary":"SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5715","reference_id":"","reference_type":"","scores":[{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55286","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.5516","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.5526","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55283","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55264","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55315","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55316","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55327","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55305","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5715"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/issues/8814","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/issues/8814"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5715","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5715"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-021","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-021"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:4.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:silverstripe:silverstripe:4.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:4.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-wvfw-w3x6-g526","reference_id":"GHSA-wvfw-w3x6-g526","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wvfw-w3x6-g526"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35960?format=json","purl":"pkg:composer/silverstripe/framework@3.6.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-pffp-vtk7-pqby"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7"},{"url":"http://public2.vulnerablecode.io/api/packages/35961?format=json","purl":"pkg:composer/silverstripe/framework@3.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/35962?format=json","purl":"pkg:composer/silverstripe/framework@4.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-m8w1-g9h9-vuce"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/35963?format=json","purl":"pkg:composer/silverstripe/framework@4.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-658d-vmwt-f7e8"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-m8w1-g9h9-vuce"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/35964?format=json","purl":"pkg:composer/silverstripe/framework@4.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-658d-vmwt-f7e8"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-m8w1-g9h9-vuce"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/35965?format=json","purl":"pkg:composer/silverstripe/framework@4.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-658d-vmwt-f7e8"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-m8w1-g9h9-vuce"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1"}],"aliases":["CVE-2019-5715","GHSA-wvfw-w3x6-g526"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p2kq-rkh6-ayeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7486?format=json","vulnerability_id":"VCID-p52e-s67u-eya7","summary":"Member.Name isn't escaped\nThe core template `framework/templates/Includes/GridField_print.ss` uses \"Printed by $Member.Name\". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because `Member->getName()` just returns the raw `FirstName + Surname` as a string, which is injected directly.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-013/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-013/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22960?format=json","purl":"pkg:composer/silverstripe/framework@3.1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20"},{"url":"http://public2.vulnerablecode.io/api/packages/22961?format=json","purl":"pkg:composer/silverstripe/framework@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/22962?format=json","purl":"pkg:composer/silverstripe/framework@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/22963?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3ydp-barm-5ya1"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-bmqt-5ybj-kuf6"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ete7-tupf-63c9"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tzmx-hfk2-7ufr"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/156548?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-013"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p52e-s67u-eya7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19177?format=json","vulnerability_id":"VCID-pg9r-huax-rqfv","summary":"Silverstripe XSS in dev/build returnURL Parameter\nA XSS risk exists in the returnURL parameter passed to dev/build. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site.\n\nThis issue is resolved in framework 3.1.14 stable release.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-015-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-015-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/751d77386c3c6e354b521fa61ff142f95895cca8","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/751d77386c3c6e354b521fa61ff142f95895cca8"},{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-015","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-015"},{"reference_url":"https://github.com/advisories/GHSA-hq4p-5mpr-jj9m","reference_id":"GHSA-hq4p-5mpr-jj9m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hq4p-5mpr-jj9m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21211?format=json","purl":"pkg:composer/silverstripe/framework@3.1.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14"}],"aliases":["GHSA-hq4p-5mpr-jj9m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pg9r-huax-rqfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54540?format=json","vulnerability_id":"VCID-pq29-qe7h-tkcp","summary":"Silverstripe Flash Clipboard Reflected XSS\nSilverStripe versions 3.0.0 until 4.3.5 and 4.4.4 are vulnerable to Flash Clipboard Reflected XSS. Versions 4.3.5 and 4.4.4 of `silverstripe/framework` and version 1.3.5 of `silverstripe/admin` contain a fix for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59302","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59338","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59228","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59356","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59373","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59353","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59341","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.5929","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59325","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12205"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12205"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12205"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12205"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12205/","reference_id":"CVE-2019-12205","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12205/"},{"reference_url":"https://github.com/advisories/GHSA-rfvw-5848-gxc5","reference_id":"GHSA-rfvw-5848-gxc5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rfvw-5848-gxc5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/193726?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-m8w1-g9h9-vuce"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/73303?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/73304?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-xw77-b18v-8kc4"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12205","GHSA-rfvw-5848-gxc5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pq29-qe7h-tkcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7066?format=json","vulnerability_id":"VCID-pvjn-ymze-1qbd","summary":"Cross-site Scripting\nTreeDropdownField and TreeMultiSelectField XSS.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-004/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-004/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20985?format=json","purl":"pkg:composer/silverstripe/framework@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-35rh-ebhv-k3ds"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-a9qn-hsax-uke7"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-cq8a-jun5-q3hh"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gw2k-419z-t7h5"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j5hb-hw1t-nkh3"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvfs-x2wd-p3h3"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-nmmv-bdq9-dued"},{"vulnerability":"VCID-nyz7-hhm1-yqat"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-r2k8-fccc-jfc2"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-sr5y-b8d8-3yd6"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u2yt-tvtw-f3d6"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-v4g3-knhd-wqa7"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-yuu2-set7-fuet"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zu16-xznb-s3c7"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/150649?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2015-004-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pvjn-ymze-1qbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19046?format=json","vulnerability_id":"VCID-qbqp-fykw-s3b9","summary":"Silverstripe XSS In GridField print\nA cross-site scripting vulnerability has been discovered in the print view of  GridField.\n\nThis vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any field of an object in a GridField, and the print feature is used.\n\nThis has been resolved by ensuring that the print feature safely escapes all fields.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-006-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-006-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/cebc0d08c5cc8177c2462a963b76e5bc7827146d","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/cebc0d08c5cc8177c2462a963b76e5bc7827146d"},{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-006","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-006"},{"reference_url":"https://github.com/advisories/GHSA-88jp-9jrv-6368","reference_id":"GHSA-88jp-9jrv-6368","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-88jp-9jrv-6368"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20985?format=json","purl":"pkg:composer/silverstripe/framework@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-35rh-ebhv-k3ds"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-a9qn-hsax-uke7"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-cq8a-jun5-q3hh"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gw2k-419z-t7h5"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j5hb-hw1t-nkh3"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvfs-x2wd-p3h3"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-nmmv-bdq9-dued"},{"vulnerability":"VCID-nyz7-hhm1-yqat"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-r2k8-fccc-jfc2"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-sr5y-b8d8-3yd6"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u2yt-tvtw-f3d6"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-v4g3-knhd-wqa7"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-yuu2-set7-fuet"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zu16-xznb-s3c7"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10"}],"aliases":["GHSA-88jp-9jrv-6368"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbqp-fykw-s3b9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17395?format=json","vulnerability_id":"VCID-qm38-1cwk-b3hq","summary":"URL Redirection to Untrusted Site ('Open Redirect')\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22729","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49576","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49621","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49609","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49554","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49603","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49593","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49592","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22729"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2023-22729","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2023-22729"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22729","reference_id":"CVE-2023-22729","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22729"},{"reference_url":"https://github.com/advisories/GHSA-fw84-xgm8-9jmv","reference_id":"GHSA-fw84-xgm8-9jmv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fw84-xgm8-9jmv"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv","reference_id":"GHSA-fw84-xgm8-9jmv","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57348?format=json","purl":"pkg:composer/silverstripe/framework@4.12.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5"}],"aliases":["CVE-2023-22729","GHSA-fw84-xgm8-9jmv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qm38-1cwk-b3hq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7087?format=json","vulnerability_id":"VCID-r2k8-fccc-jfc2","summary":"Cross-site Scripting\nXSS In rewritten hash links.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-009-xss-in-rewritten-hash-links/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20765?format=json","purl":"pkg:composer/silverstripe/framework@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-a9qn-hsax-uke7"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-cq8a-jun5-q3hh"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gw2k-419z-t7h5"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-sr5y-b8d8-3yd6"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u2yt-tvtw-f3d6"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-v4g3-knhd-wqa7"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-yuu2-set7-fuet"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/150649?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2015-009-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r2k8-fccc-jfc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7172?format=json","vulnerability_id":"VCID-sm51-m1g2-47dz","summary":"Privilege Escalation\nA member with the permission EDIT_PERMISSIONS is able to re-assign themselves (or another member) to ADMIN level.","references":[{"reference_url":"http://www.silverstripe.org/software/download/security-releases/ss-2015-020/","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/software/download/security-releases/ss-2015-020/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21211?format=json","purl":"pkg:composer/silverstripe/framework@3.1.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14"}],"aliases":["SS-2015-020"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sm51-m1g2-47dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19410?format=json","vulnerability_id":"VCID-sr5y-b8d8-3yd6","summary":"Silverstripe X-Forwarded-Host request hostname injection\nA potential hostname injection vulnerability has been found which could allow attackers to alter url resolution.\n\nIf a request contains the X-Forwarded-Host HTTP header a website would then use its value in place of the actual HTTP hostname. In cases where caching is enabled, this could allow an attacker to potentially embed a remote url as the base_url for any site. This would then cause other visitors to the site to be redirected unknowingly.\n\nThis header is necessary for servers running behind a reverse proxy (such as nginx). Such servers are likely not vulnerable to this risk.\n\nA fix has been merged into the default installer, although existing projects which do not run behind a reverse proxy should update their htaccess as below:\n```\n<IfModule mod_headers.c>\n    # Remove X-Forwarded-Host header sent as a part of any request from the web\n    RequestHeader unset X-Forwarded-Host\n</IfModule>\n```","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-013-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-013-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/75137dbab28c0efd28b07e50044a50c5af4e46aa","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/75137dbab28c0efd28b07e50044a50c5af4e46aa"},{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-013","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-013"},{"reference_url":"https://github.com/advisories/GHSA-25gq-jvx2-vg9x","reference_id":"GHSA-25gq-jvx2-vg9x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-25gq-jvx2-vg9x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21117?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["GHSA-25gq-jvx2-vg9x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sr5y-b8d8-3yd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19812?format=json","vulnerability_id":"VCID-t17w-gcwe-eue4","summary":"Silverstripe HtmlEditor embed url sanitisation\n\"Add from URL\" doesn't clearly sanitise URL server side\n\nHtmlEditorField_Toolbar has an action HtmlEditorField_Toolbar#viewfile, which gets called by the CMS when adding a media \"from a URL\" (i.e. via oembed).\n\nThis action gets the URL to add in the GET parameter FileURL. However it doesn't do any URL sanitising server side. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it's possible future changes would break this.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-027-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-027-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2015-027","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2015-027"},{"reference_url":"https://github.com/advisories/GHSA-qp29-wcc2-vmpc","reference_id":"GHSA-qp29-wcc2-vmpc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qp29-wcc2-vmpc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21252?format=json","purl":"pkg:composer/silverstripe/framework@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1"}],"aliases":["GHSA-qp29-wcc2-vmpc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t17w-gcwe-eue4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11326?format=json","vulnerability_id":"VCID-tc2y-zrea-vyb2","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nSilverStripe Framework suffers from a XSS vulnerablity.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36150","reference_id":"","reference_type":"","scores":[{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.5896","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58857","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58932","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58954","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.5892","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58972","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58978","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58997","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.58979","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36150"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/releases"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36150","reference_id":"CVE-2021-36150","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36150"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2021-36150","reference_id":"CVE-2021-36150","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2021-36150"},{"reference_url":"https://github.com/advisories/GHSA-j66h-cc96-c32q","reference_id":"GHSA-j66h-cc96-c32q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j66h-cc96-c32q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/263530?format=json","purl":"pkg:composer/silverstripe/framework@4.9.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0-alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/40630?format=json","purl":"pkg:composer/silverstripe/framework@4.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0"}],"aliases":["CVE-2021-36150","GHSA-j66h-cc96-c32q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tc2y-zrea-vyb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20028?format=json","vulnerability_id":"VCID-te88-ws12-3bc8","summary":"Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers\nIn it's default configuration, SilverStripe trusts all originating IPs to include HTTP headers for Hostname, IP and Protocol. This enables reverse proxies to forward requests while still retaining the original request information. Trusted IPs can be limited via the SS_TRUSTED_PROXY_IPS constant. Even with this restriction in place, SilverStripe trusts a variety of HTTP headers due to different proxy notations (e.g. X-Forwarded-For vs. Client-IP). Unless a proxy explicitly unsets invalid HTTP headers from connecting clients, this can lead to spoofing requests being passed through trusted proxies.\n\nThe impact of spoofed headers can include Director::forceSSL() not being enforced, SS_HTTPRequest->getIP() returning a wrong IP (disabling any IP restrictions), and spoofed hostnames circumventing any hostname-specific restrictions enforced in SilverStripe Controllers.\n\nRegardless on running a reverse proxy in your hosting infrastructure, please follow the instructions on Secure Coding: Request hostname forgery in order to opt-in to these protections. If your website is not behind a reverse proxy, you might already be protected if using Apache with mod_env enabled, and you have the following line in your .htaccess file: SetEnv BlockUntrustedIPs true.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-003-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-003-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/37059eb6b3546f304e9c031abca0f096ddb175c6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/37059eb6b3546f304e9c031abca0f096ddb175c6"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/893e49703de4aa1855b5364919cbb0826f754fbf","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/893e49703de4aa1855b5364919cbb0826f754fbf"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/faa94d51d570788dcebc2f2ef6e9de4d179ce1e4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/faa94d51d570788dcebc2f2ef6e9de4d179ce1e4"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-003","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-003"},{"reference_url":"https://github.com/advisories/GHSA-87pf-7x99-5xc4","reference_id":"GHSA-87pf-7x99-5xc4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-87pf-7x99-5xc4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21703?format=json","purl":"pkg:composer/silverstripe/framework@3.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/61364?format=json","purl":"pkg:composer/silverstripe/framework@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/21705?format=json","purl":"pkg:composer/silverstripe/framework@3.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0"}],"aliases":["GHSA-87pf-7x99-5xc4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-te88-ws12-3bc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57490?format=json","vulnerability_id":"VCID-tm1s-2m92-uyh9","summary":"SilverStripe asset-admin Cross-site Scripting (XSS)\nIn SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14272","reference_id":"","reference_type":"","scores":[{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57275","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57342","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57327","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57325","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57274","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57194","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57298","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57301","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57322","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14272"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14272","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:P/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14272"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14272","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14272"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-jgw2-f5mx-rg7h","reference_id":"GHSA-jgw2-f5mx-rg7h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jgw2-f5mx-rg7h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/167507?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nes-cr3m-j3dv"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6xwk-ee7f-5ubd"},{"vulnerability":"VCID-71cx-seqr-3fh5"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c75p-3hdz-q3b6"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ff5q-59gf-nugg"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-g3kz-796v-4qf1"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-jx5m-bqc6-h3bv"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kxyq-vg6e-6uac"},{"vulnerability":"VCID-m8w1-g9h9-vuce"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p554-wkxw-gfdh"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qak9-2t7g-w3fv"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-v116-gayp-mbfu"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-xnb4-zjws-vuhu"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/26306?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nes-cr3m-j3dv"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c75p-3hdz-q3b6"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ff5q-59gf-nugg"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-jx5m-bqc6-h3bv"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kxyq-vg6e-6uac"},{"vulnerability":"VCID-m8w1-g9h9-vuce"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p554-wkxw-gfdh"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qak9-2t7g-w3fv"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-xnb4-zjws-vuhu"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/73303?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/73304?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-xw77-b18v-8kc4"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-14272","GHSA-jgw2-f5mx-rg7h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tm1s-2m92-uyh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7382?format=json","vulnerability_id":"VCID-tuwu-cznx-jqdb","summary":"XSS in CMSController BackURL\nA XSS risk exists in the returnURL parameter passed to CMSSecurity/success. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-001","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22313?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22311?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19"},{"url":"http://public2.vulnerablecode.io/api/packages/22317?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22315?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/22320?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22319?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4fez-w6cm-rkf5"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-001"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tuwu-cznx-jqdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19897?format=json","vulnerability_id":"VCID-u2yt-tvtw-f3d6","summary":"Silverstripe External redirection risk in Security?ReturnURL\nA vulnerability has been found in the SilverStripe framework where a login url can be potentially redirected to an external site.\n\nFor example, the url http://www.my-silverstripe-site.com/Security/login?BackURL=/\\attacker-site.com will redirect successful logins to the page http://attacker-site.com. If that website were set up to look identical to the first with \"login failed\" then the user will likely just enter their user/pass again.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-012-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-012-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/22a35e48a9f513d4caa3b4e9b8dd21c49ffc8f2c","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/22a35e48a9f513d4caa3b4e9b8dd21c49ffc8f2c"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/c14e7f6b764ae4646461f3fc3a46452fdaa9e02a","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/c14e7f6b764ae4646461f3fc3a46452fdaa9e02a"},{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-012","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-012"},{"reference_url":"https://github.com/advisories/GHSA-vp8p-c6xj-xpj7","reference_id":"GHSA-vp8p-c6xj-xpj7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vp8p-c6xj-xpj7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21117?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["GHSA-vp8p-c6xj-xpj7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u2yt-tvtw-f3d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54669?format=json","vulnerability_id":"VCID-u49v-31sv-eqc3","summary":"SilverStripe Denial of Service on flush and development URL tools\nSilverStripe before 4.4.0 allows a Denial of Service on flush and development URL tools.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12246","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36415","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36352","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36331","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36283","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36448","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36225","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36301","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36322","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12246"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12246","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12246"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12246","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12246"},{"reference_url":"https://github.com/advisories/GHSA-5fr8-xhqq-4p3q","reference_id":"GHSA-5fr8-xhqq-4p3q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5fr8-xhqq-4p3q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/193726?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-m8w1-g9h9-vuce"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/81942?format=json","purl":"pkg:composer/silverstripe/framework@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cfgg-fgjt-z3hn"},{"vulnerability":"VCID-d5q3-jrdb-euav"},{"vulnerability":"VCID-dc9y-v257-6bhf"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-ftdr-uzuh-8ybc"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gme6-wj87-ekfw"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kd3t-2gzd-q3hq"},{"vulnerability":"VCID-kgm4-g26x-gken"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-m8w1-g9h9-vuce"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-ua49-snhx-dqa4"},{"vulnerability":"VCID-w4fh-cpaq-nqat"},{"vulnerability":"VCID-xw77-b18v-8kc4"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0"}],"aliases":["CVE-2019-12246","GHSA-5fr8-xhqq-4p3q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u49v-31sv-eqc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7196?format=json","vulnerability_id":"VCID-ur9h-h6mw-fbdh","summary":"Cross-site Scripting\nForm field validation message XSS vulnerability.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2015-026/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2015-026/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21252?format=json","purl":"pkg:composer/silverstripe/framework@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/150649?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2015-026-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ur9h-h6mw-fbdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7116?format=json","vulnerability_id":"VCID-v4g3-knhd-wqa7","summary":"Improper Neutralization of HTTP Headers for Scripting Syntax\n`X-Forwarded-Host` request hostname injection.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-013/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-013/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21117?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["SS-2015-013-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v4g3-knhd-wqa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7170?format=json","vulnerability_id":"VCID-w7x4-tung-wyae","summary":"Cross-site Scripting\nXSS in `dev/build` `returnURL` Parameter.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-015/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-015/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21211?format=json","purl":"pkg:composer/silverstripe/framework@3.1.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14"},{"url":"http://public2.vulnerablecode.io/api/packages/152953?format=json","purl":"pkg:composer/silverstripe/framework@3.2.0-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1"}],"aliases":["SS-2015-015-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7x4-tung-wyae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7381?format=json","vulnerability_id":"VCID-wazt-hn99-qkdk","summary":"Brute force bypass on default admin\nDefault Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-005","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-005"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22313?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22311?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19"},{"url":"http://public2.vulnerablecode.io/api/packages/22317?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22315?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/22320?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22319?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4fez-w6cm-rkf5"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-005"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wazt-hn99-qkdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7483?format=json","vulnerability_id":"VCID-wrnm-d19b-hqby","summary":"Password encryption salt expiry\nWhen a user changes their password, the internal salt used for hashing their password is not updated.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-008/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-008/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22960?format=json","purl":"pkg:composer/silverstripe/framework@3.1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20"},{"url":"http://public2.vulnerablecode.io/api/packages/22961?format=json","purl":"pkg:composer/silverstripe/framework@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/22962?format=json","purl":"pkg:composer/silverstripe/framework@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/22963?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3ydp-barm-5ya1"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-bmqt-5ybj-kuf6"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ete7-tupf-63c9"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tzmx-hfk2-7ufr"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/156548?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-008"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wrnm-d19b-hqby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19435?format=json","vulnerability_id":"VCID-y2p2-y9wn-gqea","summary":"Silverstripe XSS In FormAction\nA cross-site scripting vulnerability has been discovered in the FormAction field where a user-specified title may be specified.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-007-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-007-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/1db08bac88f9330dc4e6dda1ae08628f245a5212","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/1db08bac88f9330dc4e6dda1ae08628f245a5212"},{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-007","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-007"},{"reference_url":"https://github.com/advisories/GHSA-4h54-vwx9-3vr3","reference_id":"GHSA-4h54-vwx9-3vr3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4h54-vwx9-3vr3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20985?format=json","purl":"pkg:composer/silverstripe/framework@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-35rh-ebhv-k3ds"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-a9qn-hsax-uke7"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-cq8a-jun5-q3hh"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gw2k-419z-t7h5"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j5hb-hw1t-nkh3"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvfs-x2wd-p3h3"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-nmmv-bdq9-dued"},{"vulnerability":"VCID-nyz7-hhm1-yqat"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-r2k8-fccc-jfc2"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-sr5y-b8d8-3yd6"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u2yt-tvtw-f3d6"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-v4g3-knhd-wqa7"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-yuu2-set7-fuet"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zu16-xznb-s3c7"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.10"}],"aliases":["GHSA-4h54-vwx9-3vr3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y2p2-y9wn-gqea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7802?format=json","vulnerability_id":"VCID-ya8k-c5s5-47gx","summary":"XSS In page name\nSilverStripe is vulnerable to XSS via the page name. For instance, page name `\"><svg/onload=alert(/xss/)>` will trigger an XSS alert.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-001/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-001/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23844?format=json","purl":"pkg:composer/silverstripe/framework@3.4.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3ydp-barm-5ya1"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-bmqt-5ybj-kuf6"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ete7-tupf-63c9"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tzmx-hfk2-7ufr"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/23845?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3ydp-barm-5ya1"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-71cx-seqr-3fh5"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-bmqt-5ybj-kuf6"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ete7-tupf-63c9"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-g3kz-796v-4qf1"},{"vulnerability":"VCID-j9tk-b3hv-q3c1"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kh99-kpkt-pqdq"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tzmx-hfk2-7ufr"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-v116-gayp-mbfu"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1"}],"aliases":["SS-2017-001"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ya8k-c5s5-47gx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19980?format=json","vulnerability_id":"VCID-ypfw-xhud-bbfs","summary":"Silverstripe Missing security check on dev/build/defaults\nThe buildDefaults method on DevelopmentAdmin is missing a permission check.\n\nIn live mode, if you access /dev/build, you are requested to login first. However, if you access /dev/build/defaults, then the action is performed without any login check. This should be protected in the same way that /dev/build is.\nThe buildDefaults view is requireDefaultRecords() on each DataObject class, and hence has the potential to modify database state. It also lists all modified tables, allowing attackers more insight into which modules are used, and how the database tables are structured.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-028-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-028-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/15d4db3b4a7dbc9a7e089f9329a396f8408ed7d9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/15d4db3b4a7dbc9a7e089f9329a396f8408ed7d9"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/3398f670d881447f8777b567f1ead7c0d8d253f5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/3398f670d881447f8777b567f1ead7c0d8d253f5"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/5d2fc0d7cac4ce686f7ae05c1a7b1ad8c01711a8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/5d2fc0d7cac4ce686f7ae05c1a7b1ad8c01711a8"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2015-028","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2015-028"},{"reference_url":"https://github.com/advisories/GHSA-x5w2-wcr8-9q45","reference_id":"GHSA-x5w2-wcr8-9q45","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x5w2-wcr8-9q45"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21703?format=json","purl":"pkg:composer/silverstripe/framework@3.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/61364?format=json","purl":"pkg:composer/silverstripe/framework@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/21705?format=json","purl":"pkg:composer/silverstripe/framework@3.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0"}],"aliases":["GHSA-x5w2-wcr8-9q45"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ypfw-xhud-bbfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17627?format=json","vulnerability_id":"VCID-yuer-yn1w-q3gw","summary":"Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload\n### Impact\nA bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.\n\nThe server-side sanitisation logic has been updated to sanitise against this type of attack.\n\n### References\n- https://www.silverstripe.org/download/security-releases/cve-2024-32981","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32981","reference_id":"","reference_type":"","scores":[{"value":"0.0105","scoring_system":"epss","scoring_elements":"0.7749","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0105","scoring_system":"epss","scoring_elements":"0.77542","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0105","scoring_system":"epss","scoring_elements":"0.77545","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0105","scoring_system":"epss","scoring_elements":"0.7756","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0105","scoring_system":"epss","scoring_elements":"0.77534","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0105","scoring_system":"epss","scoring_elements":"0.77524","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0105","scoring_system":"epss","scoring_elements":"0.77495","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0105","scoring_system":"epss","scoring_elements":"0.77515","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32981"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32981","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32981"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2024-32981","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/"}],"url":"https://www.silverstripe.org/download/security-releases/cve-2024-32981"},{"reference_url":"https://github.com/advisories/GHSA-chx7-9x8h-r5mg","reference_id":"GHSA-chx7-9x8h-r5mg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-chx7-9x8h-r5mg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57580?format=json","purl":"pkg:composer/silverstripe/framework@5.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16"}],"aliases":["CVE-2024-32981","GHSA-chx7-9x8h-r5mg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yuer-yn1w-q3gw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19339?format=json","vulnerability_id":"VCID-yuu2-set7-fuet","summary":"SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation\nWhen a secure token parameter is provided to a SilverStripe site (such as isDev or flush) an empty token parameter can be provided in order to bypass normal authentication parameters.\n\nFor instance, http://www.mysite.com/?isDev=1&isDevtoken will force a site to dev mode. Alternatively, \"flush\" could also be used in succession to cause excessive load on a victim site and risk denial of service.\n\nThe fix in this case is to ensure that empty tokens fail the validation check.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-014-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-014-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/a978b891e13d22dddee7e0735a7032f13964447d","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/a978b891e13d22dddee7e0735a7032f13964447d"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/cb6717c3f85753bdc30087f280720c6d3f639ff3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/cb6717c3f85753bdc30087f280720c6d3f639ff3"},{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-014","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-014"},{"reference_url":"https://github.com/advisories/GHSA-g4hp-pfvf-vm5w","reference_id":"GHSA-g4hp-pfvf-vm5w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4hp-pfvf-vm5w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21117?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["GHSA-g4hp-pfvf-vm5w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yuu2-set7-fuet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7563?format=json","vulnerability_id":"VCID-z7fk-zbvh-quew","summary":"XSS In CMSSecurity BackURL\nIn follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-001/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-001/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-016/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-016/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23305?format=json","purl":"pkg:composer/silverstripe/framework@3.1.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/23306?format=json","purl":"pkg:composer/silverstripe/framework@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/23307?format=json","purl":"pkg:composer/silverstripe/framework@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/23308?format=json","purl":"pkg:composer/silverstripe/framework@3.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3ydp-barm-5ya1"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-bmqt-5ybj-kuf6"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ete7-tupf-63c9"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tzmx-hfk2-7ufr"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2"}],"aliases":["SS-2016-016"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z7fk-zbvh-quew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7384?format=json","vulnerability_id":"VCID-zgy5-8cgd-gqhm","summary":"XSS in CMS Edit Page\nDue to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an attack.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-004","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-004"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22313?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22311?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19"},{"url":"http://public2.vulnerablecode.io/api/packages/22317?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22315?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/22320?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1mh2-7nc4-pqg2"},{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-edex-qc8j-xfhn"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-qnsx-aa52-fkhf"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/22319?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4fez-w6cm-rkf5"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6yv4-xevb-v7b2"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8am6-aeny-ffej"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-8zj1-kn8e-kbbn"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ade4-h51n-3bap"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-nt4w-m7ak-4bbx"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-004"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zgy5-8cgd-gqhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7303?format=json","vulnerability_id":"VCID-zr7a-tdxv-rqff","summary":"Cross-Site Request Forgery (CSRF)\nCSRF vulnerability in `GridFieldAddExistingAutocompleter`.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-002/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-002/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21703?format=json","purl":"pkg:composer/silverstripe/framework@3.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/152953?format=json","purl":"pkg:composer/silverstripe/framework@3.2.0-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/21705?format=json","purl":"pkg:composer/silverstripe/framework@3.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/150649?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2016-002-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zr7a-tdxv-rqff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7302?format=json","vulnerability_id":"VCID-zr8u-z3r4-cbct","summary":"Improper Authentication\n'Missing security check on `dev/build/defaults`.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2015-028/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2015-028/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21703?format=json","purl":"pkg:composer/silverstripe/framework@3.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/152953?format=json","purl":"pkg:composer/silverstripe/framework@3.2.0-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/21705?format=json","purl":"pkg:composer/silverstripe/framework@3.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-vtva-utdn-jkce"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/150649?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-qjgf-hxng-j3g9"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2015-028-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zr8u-z3r4-cbct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19852?format=json","vulnerability_id":"VCID-zu16-xznb-s3c7","summary":"SilverStripe framework XML Quadratic Blowup Attack\nA low level vulnerability has been found in the SilverStripe framework, where the Quadratic Blowup Attack could potentially be exploited to affect the performance of a site.\n\nSee http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/ for a writeup.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2014-017-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2014-017-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/7f983c2bae1dc78ca7217e9af364b2fb71dcefe8","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/7f983c2bae1dc78ca7217e9af364b2fb71dcefe8"},{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack"},{"reference_url":"https://github.com/advisories/GHSA-g43w-98wp-m694","reference_id":"GHSA-g43w-98wp-m694","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g43w-98wp-m694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20765?format=json","purl":"pkg:composer/silverstripe/framework@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3pwx-7wzy-qbdw"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5k79-mfyz-xqhu"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-6j2p-tzvx-9bdj"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-8wbx-bvm9-jqcv"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-a9qn-hsax-uke7"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cc1b-b6sm-zbcw"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-cg3k-vmk4-5kdb"},{"vulnerability":"VCID-cq8a-jun5-q3hh"},{"vulnerability":"VCID-dg5e-tkef-buab"},{"vulnerability":"VCID-dgn7-zmwr-u3c6"},{"vulnerability":"VCID-dq8q-6agw-g3d5"},{"vulnerability":"VCID-dx5f-g875-5bct"},{"vulnerability":"VCID-eaqw-9k5p-pybr"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-ehd6-y3gw-fufu"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fff2-h9gn-9qhu"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-gw2k-419z-t7h5"},{"vulnerability":"VCID-hgkh-tcdc-ufd5"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-k7bb-y315-4qb6"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kqk7-mdnd-hfc7"},{"vulnerability":"VCID-krjm-ygks-wyct"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-kz63-ftzc-tudk"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-p52e-s67u-eya7"},{"vulnerability":"VCID-pg9r-huax-rqfv"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-sm51-m1g2-47dz"},{"vulnerability":"VCID-sr5y-b8d8-3yd6"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-te88-ws12-3bc8"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tuwu-cznx-jqdb"},{"vulnerability":"VCID-u2yt-tvtw-f3d6"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ur9h-h6mw-fbdh"},{"vulnerability":"VCID-v4g3-knhd-wqa7"},{"vulnerability":"VCID-w7x4-tung-wyae"},{"vulnerability":"VCID-wazt-hn99-qkdk"},{"vulnerability":"VCID-wrnm-d19b-hqby"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-ypfw-xhud-bbfs"},{"vulnerability":"VCID-yuer-yn1w-q3gw"},{"vulnerability":"VCID-yuu2-set7-fuet"},{"vulnerability":"VCID-z7fk-zbvh-quew"},{"vulnerability":"VCID-zgy5-8cgd-gqhm"},{"vulnerability":"VCID-zr7a-tdxv-rqff"},{"vulnerability":"VCID-zr8u-z3r4-cbct"},{"vulnerability":"VCID-zxmh-xcvd-53fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.12"}],"aliases":["GHSA-g43w-98wp-m694"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zu16-xznb-s3c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7564?format=json","vulnerability_id":"VCID-zxmh-xcvd-53fe","summary":"ReadOnly transformation for formfields exploitable\nForm fields returning `isReadonly()` as true are vulnerable to reflected XSS injections. This includes `ReadonlyField`, `LookupField`, `HTMLReadonlyField`, as well as special purpose fields like `TimeField_Readonly`. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and does not overwrite data on form construction. Readonly and disabled form fields are already filtered out in `saveInto()`, so maliciously submitted data on these fields does not make it into the database unless you are accessing form values directly in your saving logic.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-010/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-010/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23305?format=json","purl":"pkg:composer/silverstripe/framework@3.1.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-t17w-gcwe-eue4"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/23306?format=json","purl":"pkg:composer/silverstripe/framework@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/23307?format=json","purl":"pkg:composer/silverstripe/framework@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/23308?format=json","purl":"pkg:composer/silverstripe/framework@3.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f9j-ek3x-kbc5"},{"vulnerability":"VCID-2rbk-47h6-d7d8"},{"vulnerability":"VCID-3ydp-barm-5ya1"},{"vulnerability":"VCID-414d-7bfm-kud7"},{"vulnerability":"VCID-4f9c-aun4-wfep"},{"vulnerability":"VCID-4x32-t75c-u3bj"},{"vulnerability":"VCID-5pkg-j4wg-7fcn"},{"vulnerability":"VCID-6du5-hdvd-fueb"},{"vulnerability":"VCID-6epx-c68d-d7bv"},{"vulnerability":"VCID-7dk3-gcup-2kc9"},{"vulnerability":"VCID-86yd-4mkt-hydr"},{"vulnerability":"VCID-a3yc-fxa1-gfhy"},{"vulnerability":"VCID-ab5z-bqka-xudb"},{"vulnerability":"VCID-ajga-3b99-yugh"},{"vulnerability":"VCID-axxx-gpfn-mqc9"},{"vulnerability":"VCID-bdcq-z11u-zyh5"},{"vulnerability":"VCID-bmqt-5ybj-kuf6"},{"vulnerability":"VCID-c3vp-kc9a-vkhn"},{"vulnerability":"VCID-cdgj-bdpy-ukak"},{"vulnerability":"VCID-eddc-w9wx-c3gq"},{"vulnerability":"VCID-enkd-4y44-4ueq"},{"vulnerability":"VCID-ete7-tupf-63c9"},{"vulnerability":"VCID-fpb7-5pwu-tyg5"},{"vulnerability":"VCID-fyxa-vzeq-ubeq"},{"vulnerability":"VCID-j6ze-f76y-cqgy"},{"vulnerability":"VCID-kak1-btjp-kqgz"},{"vulnerability":"VCID-kdyk-rrrr-pufw"},{"vulnerability":"VCID-kvhv-9fj5-7kgk"},{"vulnerability":"VCID-kw9p-5fbc-hudg"},{"vulnerability":"VCID-kxa8-dmva-ayff"},{"vulnerability":"VCID-p2kq-rkh6-ayeu"},{"vulnerability":"VCID-pq29-qe7h-tkcp"},{"vulnerability":"VCID-qm38-1cwk-b3hq"},{"vulnerability":"VCID-tc2y-zrea-vyb2"},{"vulnerability":"VCID-tm1s-2m92-uyh9"},{"vulnerability":"VCID-tzmx-hfk2-7ufr"},{"vulnerability":"VCID-u49v-31sv-eqc3"},{"vulnerability":"VCID-ya8k-c5s5-47gx"},{"vulnerability":"VCID-yuer-yn1w-q3gw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2"}],"aliases":["SS-2016-010"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxmh-xcvd-53fe"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.3-rc1"}