| 0 |
| url |
VCID-2f9j-ek3x-kbc5 |
| vulnerability_id |
VCID-2f9j-ek3x-kbc5 |
| summary |
Silverstripe CMS XSS Vulnerability
In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-9311 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56963 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56823 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56917 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56939 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56914 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56966 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56969 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56977 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56957 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56934 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-9311 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.7.5 |
| purl |
pkg:composer/silverstripe/framework@3.7.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 11 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 12 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 13 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 14 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 15 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 16 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 17 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5 |
|
|
| aliases |
CVE-2020-9311, GHSA-2pw2-qpcp-m47x
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| url |
VCID-2rbk-47h6-d7d8 |
| vulnerability_id |
VCID-2rbk-47h6-d7d8 |
| summary |
Business Logic Errors in GitHub repository silverstripe/silverstripe-framework |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.10.1 |
| purl |
pkg:composer/silverstripe/framework@4.10.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 1 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 2 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 3 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 4 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 5 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 6 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 7 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 8 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 9 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 10 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 11 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 12 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 13 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 14 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 15 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 16 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 17 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 18 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 19 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 20 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.1 |
|
|
| aliases |
CVE-2022-0227, GHSA-32m2-9f76-4gv8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2rbk-47h6-d7d8 |
|
| 2 |
| url |
VCID-3pwx-7wzy-qbdw |
| vulnerability_id |
VCID-3pwx-7wzy-qbdw |
| summary |
Insufficient sanitization in "Add from URL"
"Add from URL" does not clearly sanitize URL server side in `HtmlEditorField_Toolbar`. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it's possible future changes would break this. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.1 |
| purl |
pkg:composer/silverstripe/framework@3.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5k79-mfyz-xqhu |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 14 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 15 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 16 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 17 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 18 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 19 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 20 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 21 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 22 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 23 |
| vulnerability |
VCID-eaqw-9k5p-pybr |
|
| 24 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 25 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 26 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 27 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 28 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 29 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 30 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 31 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 32 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 33 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 34 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 35 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 36 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 37 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 38 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 39 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 40 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 41 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 42 |
| vulnerability |
VCID-te88-ws12-3bc8 |
|
| 43 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 44 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 45 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 46 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 47 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 48 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 49 |
| vulnerability |
VCID-ypfw-xhud-bbfs |
|
| 50 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 51 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 52 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 53 |
| vulnerability |
VCID-zr7a-tdxv-rqff |
|
| 54 |
| vulnerability |
VCID-zr8u-z3r4-cbct |
|
| 55 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1 |
|
| 1 |
|
|
| aliases |
SS-2015-027
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3pwx-7wzy-qbdw |
|
| 3 |
| url |
VCID-414d-7bfm-kud7 |
| vulnerability_id |
VCID-414d-7bfm-kud7 |
| summary |
Incorrect Authorization
Default SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28661 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38047 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38107 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38062 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38086 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38123 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.37972 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38154 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38176 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38105 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38097 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28661 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.5.2 |
| purl |
pkg:composer/silverstripe/framework@3.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 17 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 21 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 22 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 23 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 24 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 25 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 26 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 27 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 28 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 29 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 30 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 31 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 32 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 33 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 34 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 35 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 36 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 37 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 38 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 39 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2 |
|
|
| aliases |
CVE-2021-28661, GHSA-r7rh-g777-g5gx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-414d-7bfm-kud7 |
|
| 4 |
| url |
VCID-4f9c-aun4-wfep |
| vulnerability_id |
VCID-4f9c-aun4-wfep |
| summary |
Missing Authorization
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-22728 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.63885 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.63938 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.63903 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.63936 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.63949 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.63937 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.63919 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.63869 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.63911 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-22728 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-22728, GHSA-jh3w-6jp2-vqqm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9c-aun4-wfep |
|
| 5 |
| url |
VCID-4x32-t75c-u3bj |
| vulnerability_id |
VCID-4x32-t75c-u3bj |
| summary |
Silverstipe CMS Stored XSS in custom meta tags
A malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut.
This requires CMS access to exploit. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-37421 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55208 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55271 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55233 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55251 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55272 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55232 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.5526 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55259 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.5521 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-37421 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.11.3 |
| purl |
pkg:composer/silverstripe/framework@4.11.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 1 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 2 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 3 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 4 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 5 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 6 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 7 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 8 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 9 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 10 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 11 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 12 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 13 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 14 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 15 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 16 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.3 |
|
|
| aliases |
CVE-2022-37421, GHSA-pp74-g2q5-j4jf, GMS-2022-6855
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4x32-t75c-u3bj |
|
| 6 |
| url |
VCID-5k79-mfyz-xqhu |
| vulnerability_id |
VCID-5k79-mfyz-xqhu |
| summary |
SS-2016-003: Hostname, IP and Protocol Spoofing through HTTP Headers |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.17 |
| purl |
pkg:composer/silverstripe/framework@3.1.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 12 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 13 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 14 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 15 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 16 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 21 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 22 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 23 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 24 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 25 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 26 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 27 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 28 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 29 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 30 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 31 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 32 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 33 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 34 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 35 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 36 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 37 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 38 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 39 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 40 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 41 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 42 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 43 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 44 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 45 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 46 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 47 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 49 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 50 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 51 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.2.0-beta1 |
| purl |
pkg:composer/silverstripe/framework@3.2.0-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3pwx-7wzy-qbdw |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 14 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 15 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 16 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 17 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 18 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 19 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 20 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 21 |
| vulnerability |
VCID-dq8q-6agw-g3d5 |
|
| 22 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 23 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 24 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 25 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 26 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 27 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 28 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 29 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 30 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 31 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 32 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 33 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 34 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 35 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 36 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 37 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 38 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 39 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 40 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 41 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 42 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 43 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 44 |
| vulnerability |
VCID-ur9h-h6mw-fbdh |
|
| 45 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 46 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 47 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 49 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 50 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 51 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.3.0 |
| purl |
pkg:composer/silverstripe/framework@3.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 12 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 13 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 14 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 15 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 16 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 21 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 22 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 23 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 24 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 25 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 26 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 27 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 28 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 29 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 30 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 31 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 32 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 33 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 34 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 35 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 36 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 37 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 38 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 39 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 40 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 41 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 42 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 43 |
| vulnerability |
VCID-vtva-utdn-jkce |
|
| 44 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 45 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 46 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 47 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 48 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 49 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 50 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0 |
|
| 3 |
|
|
| aliases |
SS-2016-003-1
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5k79-mfyz-xqhu |
|
| 7 |
| url |
VCID-5pkg-j4wg-7fcn |
| vulnerability_id |
VCID-5pkg-j4wg-7fcn |
| summary |
Improper Input Validation
Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-32302, GHSA-36xx-7vf6-7mv3
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5pkg-j4wg-7fcn |
|
| 8 |
| url |
VCID-6du5-hdvd-fueb |
| vulnerability_id |
VCID-6du5-hdvd-fueb |
| summary |
Session fixation in change password form
SilverStripe through 4.3.3 allows session fixation in the "change password" form. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12203 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.16985 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.16773 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.16838 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.16897 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.16817 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.16943 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.16969 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.16911 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.16823 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.1704 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12203 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.6.8 |
| purl |
pkg:composer/silverstripe/framework@3.6.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 15 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 16 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 17 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 18 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 19 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 20 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 21 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 22 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 23 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 27 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 28 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.7.4 |
| purl |
pkg:composer/silverstripe/framework@3.7.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 15 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 16 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 17 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 18 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 19 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 20 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 21 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 22 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 23 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 24 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 25 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 26 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 27 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 24 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 25 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 26 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 27 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 28 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-xw77-b18v-8kc4 |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12203, GHSA-w7r7-r8r9-vrg2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6du5-hdvd-fueb |
|
| 9 |
| url |
VCID-6epx-c68d-d7bv |
| vulnerability_id |
VCID-6epx-c68d-d7bv |
| summary |
Silverstripe Framework has a XSS in form messages
In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message.
Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability.
### References
- https://www.silverstripe.org/download/security-releases/cve-2024-53277
## Reported by
Leo Diamat from [Bastion Security Group](http://www.bastionsecurity.co.nz/) |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-53277 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01074 |
| scoring_system |
epss |
| scoring_elements |
0.77739 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.01074 |
| scoring_system |
epss |
| scoring_elements |
0.77755 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.01074 |
| scoring_system |
epss |
| scoring_elements |
0.7775 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.01074 |
| scoring_system |
epss |
| scoring_elements |
0.77722 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01074 |
| scoring_system |
epss |
| scoring_elements |
0.77712 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.01074 |
| scoring_system |
epss |
| scoring_elements |
0.77801 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.01074 |
| scoring_system |
epss |
| scoring_elements |
0.77765 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.01074 |
| scoring_system |
epss |
| scoring_elements |
0.77781 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-53277 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-53277, GHSA-ff6q-3c9c-6cf5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6epx-c68d-d7bv |
|
| 10 |
| url |
VCID-6j2p-tzvx-9bdj |
| vulnerability_id |
VCID-6j2p-tzvx-9bdj |
| summary |
Missing CSRF protection in login form
`LoginForm` calls `disableSecurityToken()`, which causes a "shared host domain" vulnerability. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.19-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.1.19-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mh2-7nc4-pqg2 |
|
| 1 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 2 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-edex-qc8j-xfhn |
|
| 27 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 28 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 29 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 30 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 31 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 32 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 33 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 34 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 35 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 36 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 37 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 38 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 39 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 40 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 41 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 42 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 43 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 44 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 45 |
| vulnerability |
VCID-qnsx-aa52-fkhf |
|
| 46 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 47 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 48 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 49 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 50 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 51 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 52 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 53 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 54 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.1.19 |
| purl |
pkg:composer/silverstripe/framework@3.1.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 14 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 15 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 16 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 17 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 18 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 19 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 20 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 21 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 22 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 23 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 24 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 25 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 26 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 27 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 28 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 29 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 30 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 31 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 32 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 33 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 34 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 35 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 36 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 37 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 38 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 39 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 40 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 41 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 42 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 43 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 44 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 45 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 46 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 47 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 48 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 49 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 50 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 51 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.2.4-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.2.4-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mh2-7nc4-pqg2 |
|
| 1 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 2 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-edex-qc8j-xfhn |
|
| 27 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 28 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 29 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 30 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 31 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 32 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 33 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 34 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 35 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 36 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 37 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 38 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 39 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 40 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 41 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 42 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 43 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 44 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 45 |
| vulnerability |
VCID-qnsx-aa52-fkhf |
|
| 46 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 47 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 48 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 49 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 50 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 51 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 52 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 53 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.2.4 |
| purl |
pkg:composer/silverstripe/framework@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 14 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 15 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 16 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 17 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 18 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 19 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 20 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 21 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 22 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 23 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 24 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 25 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 26 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 27 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 28 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 29 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 30 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 31 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 32 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 33 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 34 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 35 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 36 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 37 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 38 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 39 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 40 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 41 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 42 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 43 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 44 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 45 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 46 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 47 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 49 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 50 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@3.3.2-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.3.2-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mh2-7nc4-pqg2 |
|
| 1 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 2 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-edex-qc8j-xfhn |
|
| 27 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 28 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 29 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 30 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 31 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 32 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 33 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 34 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 35 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 36 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 37 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 38 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 39 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 40 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 41 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 42 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 43 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 44 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 45 |
| vulnerability |
VCID-qnsx-aa52-fkhf |
|
| 46 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 47 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 48 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 49 |
| vulnerability |
VCID-vtva-utdn-jkce |
|
| 50 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 51 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 52 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 53 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 54 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1 |
|
| 5 |
| url |
pkg:composer/silverstripe/framework@3.3.2 |
| purl |
pkg:composer/silverstripe/framework@3.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4fez-w6cm-rkf5 |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 27 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 28 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 29 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 30 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 31 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 32 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 33 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 34 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 35 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 36 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 37 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 38 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 39 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 40 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 41 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 42 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 43 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 44 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 45 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 46 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 47 |
| vulnerability |
VCID-vtva-utdn-jkce |
|
| 48 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 49 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 50 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 51 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 52 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2 |
|
|
| aliases |
SS-2016-006
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6j2p-tzvx-9bdj |
|
| 11 |
| url |
VCID-7dk3-gcup-2kc9 |
| vulnerability_id |
VCID-7dk3-gcup-2kc9 |
| summary |
SilverStripe XXE Vulnerability in CSSContentParser
SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. (The correct CVE ID year is 2020 [CVE-2020-25817, not CVE-2021-25817]). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25817 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57362 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57413 |
| published_at |
2026-04-08T12:55:00Z |
|
| 2 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57361 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57385 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.5728 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57417 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57391 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57409 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.5743 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57415 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25817 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.6.0 |
| purl |
pkg:composer/silverstripe/framework@4.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 6 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 7 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 8 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 9 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 10 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 11 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 12 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 13 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 14 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 15 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 16 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 17 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 18 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 19 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 20 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 21 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 22 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.7.4 |
| purl |
pkg:composer/silverstripe/framework@4.7.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 6 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 7 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 8 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 9 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 10 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 11 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 12 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 13 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 14 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 15 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 16 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 17 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 18 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 19 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 20 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 21 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 22 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4 |
|
|
| aliases |
CVE-2020-25817, GHSA-3vjc-5x79-m9r8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7dk3-gcup-2kc9 |
|
| 12 |
| url |
VCID-86yd-4mkt-hydr |
| vulnerability_id |
VCID-86yd-4mkt-hydr |
| summary |
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
### Impact
If a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user.
**Base CVSS:** [4.3](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C&version=3.1)
**Reported by:** Nick K - LittleMonkey, [littlemonkey.co.nz](http://littlemonkey.co.nz/)
### References
- https://www.silverstripe.org/download/security-releases/CVE-2023-48714 |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-48714 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45359 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45422 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45371 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45369 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.454 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45378 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45323 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45379 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-48714 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-48714, GHSA-qm2j-qvq3-j29v
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-86yd-4mkt-hydr |
|
| 13 |
| url |
VCID-8wbx-bvm9-jqcv |
| vulnerability_id |
VCID-8wbx-bvm9-jqcv |
| summary |
ChangePasswordForm doesn't check Member::canLogIn()
After performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.5 |
| purl |
pkg:composer/silverstripe/framework@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 37 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 38 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.3.3 |
| purl |
pkg:composer/silverstripe/framework@3.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 37 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 38 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3 |
|
| 2 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| purl |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 5 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 6 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 7 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 8 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 9 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 10 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 11 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 12 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 13 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 14 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 15 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 16 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 17 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 18 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 19 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 20 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 21 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 22 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 23 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 24 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 25 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1 |
|
|
| aliases |
SS-2016-011
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8wbx-bvm9-jqcv |
|
| 14 |
| url |
VCID-a3yc-fxa1-gfhy |
| vulnerability_id |
VCID-a3yc-fxa1-gfhy |
| summary |
Silverstripe Framework has a XSS vulnerability in HTML editor
### Impact
A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.
The server-side sanitisation logic has been updated to sanitise against this attack.
### Reported by
James Nicoll from Fujitsu Cyber
### References
- https://www.silverstripe.org/download/security-releases/cve-2025-30148 |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-30148 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37948 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37914 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37901 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37851 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37974 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37868 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37893 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37929 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-30148 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-30148, GHSA-rhx4-hvx9-j387
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a3yc-fxa1-gfhy |
|
| 15 |
| url |
VCID-ab5z-bqka-xudb |
| vulnerability_id |
VCID-ab5z-bqka-xudb |
| summary |
Injection Vulnerability
In the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-18049 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43775 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43675 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43731 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43755 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43689 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43739 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43743 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43762 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.4373 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43713 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-18049 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.5.6-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.5.6-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 12 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 13 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 14 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 15 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 16 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 17 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 18 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 19 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 20 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 21 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 22 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 23 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 24 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 25 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 26 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 27 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 28 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 29 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 30 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 31 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 32 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 33 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.5.6 |
| purl |
pkg:composer/silverstripe/framework@3.5.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 15 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 16 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 17 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 18 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 19 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 20 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 21 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 22 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 23 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 24 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 25 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 26 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 27 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 28 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.6.3-rc2 |
| purl |
pkg:composer/silverstripe/framework@3.6.3-rc2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 12 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 13 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 14 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 15 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 16 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 17 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 18 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 19 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 20 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 21 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 22 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 23 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 24 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 25 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 26 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 27 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 31 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 32 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 33 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 34 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.6.3 |
| purl |
pkg:composer/silverstripe/framework@3.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 15 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 16 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 17 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 18 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 19 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 24 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 25 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 26 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 27 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 28 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 29 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 30 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nes-cr3m-j3dv |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-6xwk-ee7f-5ubd |
|
| 8 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c75p-3hdz-q3b6 |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 18 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 19 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 20 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 21 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 22 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 23 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 24 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 25 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 26 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 27 |
| vulnerability |
VCID-jx5m-bqc6-h3bv |
|
| 28 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 29 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 30 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 31 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 32 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 33 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 34 |
| vulnerability |
VCID-kxyq-vg6e-6uac |
|
| 35 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 36 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 37 |
| vulnerability |
VCID-p554-wkxw-gfdh |
|
| 38 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 39 |
| vulnerability |
VCID-qak9-2t7g-w3fv |
|
| 40 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 41 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 42 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 43 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 44 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 45 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 46 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 47 |
| vulnerability |
VCID-xnb4-zjws-vuhu |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1 |
|
| 5 |
| url |
pkg:composer/silverstripe/framework@4.0.1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nes-cr3m-j3dv |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-c75p-3hdz-q3b6 |
|
| 14 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 15 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 16 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 17 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 22 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 23 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 24 |
| vulnerability |
VCID-jx5m-bqc6-h3bv |
|
| 25 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 26 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 27 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 28 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 29 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 30 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 31 |
| vulnerability |
VCID-kxyq-vg6e-6uac |
|
| 32 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 33 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 34 |
| vulnerability |
VCID-p554-wkxw-gfdh |
|
| 35 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 36 |
| vulnerability |
VCID-qak9-2t7g-w3fv |
|
| 37 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 38 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 39 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 40 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 41 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 42 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 43 |
| vulnerability |
VCID-xnb4-zjws-vuhu |
|
| 44 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1 |
|
|
| aliases |
CVE-2017-18049, GHSA-2jvj-mhf2-g99w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ab5z-bqka-xudb |
|
| 16 |
| url |
VCID-ajga-3b99-yugh |
| vulnerability_id |
VCID-ajga-3b99-yugh |
| summary |
Authentication bypass in SilverStripe GraphQL
The GraphQL module accepts basic-auth as an authentication method by default. This can be used to bypass MFA authentication if the silverstripe/mfa module is installed, which is now a commonly installed module. A users password is still required though.
Basic-auth has been removed as a default authentication method. If desired, it can be re-enabled by adding it to the authenticators key of a schema, or on SilverStripe\Graphql\Auth\Handler |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-26136 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44118 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44237 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44176 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44208 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44193 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44182 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44188 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44137 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44206 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-26136 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.6.0 |
| purl |
pkg:composer/silverstripe/framework@4.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 6 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 7 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 8 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 9 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 10 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 11 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 12 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 13 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 14 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 15 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 16 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 17 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 18 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 19 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 20 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 21 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 22 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0 |
|
|
| aliases |
CVE-2020-26136, GHSA-mg2g-8pwj-r2j2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ajga-3b99-yugh |
|
| 17 |
| url |
VCID-axxx-gpfn-mqc9 |
| vulnerability_id |
VCID-axxx-gpfn-mqc9 |
| summary |
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message
> [!IMPORTANT]
> This vulnerability only affects sites which are in the "dev" environment mode. If your production website is in "dev" mode, it has been misconfigured, and you should immediately swap it to "live" mode.
> See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.
If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.
## References
- https://www.silverstripe.org/download/security-releases/ss-2024-002
## Reported by
Gaurav Nayak from [Chaleit](https://chaleit.com/) |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-mqf3-qpc3-g26q
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-axxx-gpfn-mqc9 |
|
| 18 |
| url |
VCID-bdcq-z11u-zyh5 |
| vulnerability_id |
VCID-bdcq-z11u-zyh5 |
| summary |
Lack of access control on upoaded files
SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12245 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48744 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48863 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48814 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48806 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48832 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48815 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48818 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48763 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48809 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48783 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12245 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.6.8 |
| purl |
pkg:composer/silverstripe/framework@3.6.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 15 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 16 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 17 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 18 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 19 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 20 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 21 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 22 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 23 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 27 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 28 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.7.4 |
| purl |
pkg:composer/silverstripe/framework@3.7.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 15 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 16 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 17 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 18 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 19 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 20 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 21 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 22 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 23 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 24 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 25 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 26 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 27 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 24 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 25 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 26 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 27 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 28 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 3 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-xw77-b18v-8kc4 |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12245, GHSA-jvx5-rm6q-gx7p
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bdcq-z11u-zyh5 |
|
| 19 |
| url |
VCID-c3vp-kc9a-vkhn |
| vulnerability_id |
VCID-c3vp-kc9a-vkhn |
| summary |
Cross-site Scripting
SilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-14498 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59159 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59154 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59047 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59173 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.5919 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.5912 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59143 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59108 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59172 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-14498 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2017-14498 |
| reference_id |
CVE-2017-14498 |
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:N/I:P/A:N |
|
| 1 |
| value |
6.1 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 2 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2017-14498 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.6.1-alpha2 |
| purl |
pkg:composer/silverstripe/framework@3.6.1-alpha2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 16 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 17 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 18 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 22 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 25 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 26 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 27 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 28 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 29 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.6.1 |
| purl |
pkg:composer/silverstripe/framework@3.6.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 16 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 17 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 18 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 22 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 25 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 26 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 27 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 28 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 29 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1 |
|
|
| aliases |
CVE-2017-14498, GHSA-j696-6m57-mcrv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c3vp-kc9a-vkhn |
|
| 20 |
| url |
VCID-cc1b-b6sm-zbcw |
| vulnerability_id |
VCID-cc1b-b6sm-zbcw |
| summary |
Silverstripe Form field validation message XSS vulnerability
A high level XSS risk has been identified in the encoding of validation messages in certain FormField classes.
Certain fields such as the NumericField and DropdownField have been identified, but any form field which presents any invalid content as a part of its validation response will be at risk. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.16 |
| purl |
pkg:composer/silverstripe/framework@3.1.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5k79-mfyz-xqhu |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 14 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 15 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 16 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 17 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 18 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 19 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 20 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 21 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 22 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 23 |
| vulnerability |
VCID-eaqw-9k5p-pybr |
|
| 24 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 25 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 26 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 27 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 28 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 29 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 30 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 31 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 32 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 33 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 34 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 35 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 36 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 37 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 38 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 39 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 40 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 41 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 42 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 43 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 44 |
| vulnerability |
VCID-te88-ws12-3bc8 |
|
| 45 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 46 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 47 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 48 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 49 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 50 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 51 |
| vulnerability |
VCID-ypfw-xhud-bbfs |
|
| 52 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 53 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 54 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 55 |
| vulnerability |
VCID-zr7a-tdxv-rqff |
|
| 56 |
| vulnerability |
VCID-zr8u-z3r4-cbct |
|
| 57 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.16 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.2.1 |
| purl |
pkg:composer/silverstripe/framework@3.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5k79-mfyz-xqhu |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 14 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 15 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 16 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 17 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 18 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 19 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 20 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 21 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 22 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 23 |
| vulnerability |
VCID-eaqw-9k5p-pybr |
|
| 24 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 25 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 26 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 27 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 28 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 29 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 30 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 31 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 32 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 33 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 34 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 35 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 36 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 37 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 38 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 39 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 40 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 41 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 42 |
| vulnerability |
VCID-te88-ws12-3bc8 |
|
| 43 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 44 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 45 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 46 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 47 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 48 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 49 |
| vulnerability |
VCID-ypfw-xhud-bbfs |
|
| 50 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 51 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 52 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 53 |
| vulnerability |
VCID-zr7a-tdxv-rqff |
|
| 54 |
| vulnerability |
VCID-zr8u-z3r4-cbct |
|
| 55 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1 |
|
|
| aliases |
GHSA-j982-5jv7-v43r
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cc1b-b6sm-zbcw |
|
| 21 |
| url |
VCID-cdgj-bdpy-ukak |
| vulnerability_id |
VCID-cdgj-bdpy-ukak |
| summary |
Cross-Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12437 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42091 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42163 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42112 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42138 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42175 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42153 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42142 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42124 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42063 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42152 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12437 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 24 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 25 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 26 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 27 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 28 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
|
| aliases |
CVE-2019-12437, GHSA-fx37-56v6-85q6
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cdgj-bdpy-ukak |
|
| 22 |
| url |
VCID-cg3k-vmk4-5kdb |
| vulnerability_id |
VCID-cg3k-vmk4-5kdb |
| summary |
silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL
In follow up to [SS-2016-001](https://www.silverstripe.org/download/security-releases/ss-2016-001/) there is yet a minor unresolved fix to incorrectly encoded URL. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.21 |
| purl |
pkg:composer/silverstripe/framework@3.1.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 24 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 25 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 26 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 27 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 31 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 32 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 33 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 34 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 35 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.2.6 |
| purl |
pkg:composer/silverstripe/framework@3.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 24 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 25 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 26 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 27 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 31 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 32 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 33 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 34 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.3.4 |
| purl |
pkg:composer/silverstripe/framework@3.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 24 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 25 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 26 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 27 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 31 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 32 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 33 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 34 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.4.2 |
| purl |
pkg:composer/silverstripe/framework@3.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 20 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 21 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 22 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 23 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 24 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 25 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 26 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 27 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 28 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 29 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 30 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 31 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 32 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 33 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 34 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 35 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 36 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 37 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 38 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2 |
|
|
| aliases |
GHSA-r85g-7jpv-8xrx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cg3k-vmk4-5kdb |
|
| 23 |
| url |
VCID-dgn7-zmwr-u3c6 |
| vulnerability_id |
VCID-dgn7-zmwr-u3c6 |
| summary |
CSRF vulnerability in savetreenodes
`savetreenode` action does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.19-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.1.19-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mh2-7nc4-pqg2 |
|
| 1 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 2 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-edex-qc8j-xfhn |
|
| 27 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 28 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 29 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 30 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 31 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 32 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 33 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 34 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 35 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 36 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 37 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 38 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 39 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 40 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 41 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 42 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 43 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 44 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 45 |
| vulnerability |
VCID-qnsx-aa52-fkhf |
|
| 46 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 47 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 48 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 49 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 50 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 51 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 52 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 53 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 54 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.1.19 |
| purl |
pkg:composer/silverstripe/framework@3.1.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 14 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 15 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 16 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 17 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 18 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 19 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 20 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 21 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 22 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 23 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 24 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 25 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 26 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 27 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 28 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 29 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 30 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 31 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 32 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 33 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 34 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 35 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 36 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 37 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 38 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 39 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 40 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 41 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 42 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 43 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 44 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 45 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 46 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 47 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 48 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 49 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 50 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 51 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.2.4-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.2.4-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mh2-7nc4-pqg2 |
|
| 1 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 2 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-edex-qc8j-xfhn |
|
| 27 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 28 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 29 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 30 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 31 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 32 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 33 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 34 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 35 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 36 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 37 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 38 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 39 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 40 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 41 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 42 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 43 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 44 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 45 |
| vulnerability |
VCID-qnsx-aa52-fkhf |
|
| 46 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 47 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 48 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 49 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 50 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 51 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 52 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 53 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.2.4 |
| purl |
pkg:composer/silverstripe/framework@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 14 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 15 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 16 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 17 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 18 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 19 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 20 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 21 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 22 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 23 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 24 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 25 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 26 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 27 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 28 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 29 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 30 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 31 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 32 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 33 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 34 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 35 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 36 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 37 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 38 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 39 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 40 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 41 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 42 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 43 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 44 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 45 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 46 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 47 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 49 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 50 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@3.3.2-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.3.2-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mh2-7nc4-pqg2 |
|
| 1 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 2 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-edex-qc8j-xfhn |
|
| 27 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 28 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 29 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 30 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 31 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 32 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 33 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 34 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 35 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 36 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 37 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 38 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 39 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 40 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 41 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 42 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 43 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 44 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 45 |
| vulnerability |
VCID-qnsx-aa52-fkhf |
|
| 46 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 47 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 48 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 49 |
| vulnerability |
VCID-vtva-utdn-jkce |
|
| 50 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 51 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 52 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 53 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 54 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1 |
|
| 5 |
| url |
pkg:composer/silverstripe/framework@3.3.2 |
| purl |
pkg:composer/silverstripe/framework@3.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4fez-w6cm-rkf5 |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 27 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 28 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 29 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 30 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 31 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 32 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 33 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 34 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 35 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 36 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 37 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 38 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 39 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 40 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 41 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 42 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 43 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 44 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 45 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 46 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 47 |
| vulnerability |
VCID-vtva-utdn-jkce |
|
| 48 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 49 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 50 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 51 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 52 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2 |
|
|
| aliases |
SS-2015-029
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dgn7-zmwr-u3c6 |
|
| 24 |
| url |
VCID-dq8q-6agw-g3d5 |
| vulnerability_id |
VCID-dq8q-6agw-g3d5 |
| summary |
Improper Input Validation
`HtmlEditor` improper URL sanitisation. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.1 |
| purl |
pkg:composer/silverstripe/framework@3.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5k79-mfyz-xqhu |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 14 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 15 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 16 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 17 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 18 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 19 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 20 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 21 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 22 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 23 |
| vulnerability |
VCID-eaqw-9k5p-pybr |
|
| 24 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 25 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 26 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 27 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 28 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 29 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 30 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 31 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 32 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 33 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 34 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 35 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 36 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 37 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 38 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 39 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 40 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 41 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 42 |
| vulnerability |
VCID-te88-ws12-3bc8 |
|
| 43 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 44 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 45 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 46 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 47 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 48 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 49 |
| vulnerability |
VCID-ypfw-xhud-bbfs |
|
| 50 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 51 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 52 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 53 |
| vulnerability |
VCID-zr7a-tdxv-rqff |
|
| 54 |
| vulnerability |
VCID-zr8u-z3r4-cbct |
|
| 55 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1 |
|
| 1 |
|
|
| aliases |
SS-2015-027-1
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dq8q-6agw-g3d5 |
|
| 25 |
| url |
VCID-dx5f-g875-5bct |
| vulnerability_id |
VCID-dx5f-g875-5bct |
| summary |
Pre-existing alc_enc cookies log users in if remember me is disabled
If remember me is on and users log in with the box checked, if the developer then disabled "remember me" function, any pre-existing cookies will continue to authenticate users. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.20 |
| purl |
pkg:composer/silverstripe/framework@3.1.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 33 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 34 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 35 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 36 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 37 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 38 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 39 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.2.5 |
| purl |
pkg:composer/silverstripe/framework@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 37 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 38 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.3.3 |
| purl |
pkg:composer/silverstripe/framework@3.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 37 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 38 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.4.1 |
| purl |
pkg:composer/silverstripe/framework@3.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 21 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 22 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 23 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 24 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 25 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 26 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 27 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 28 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 29 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 30 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 31 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 32 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 33 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 34 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 35 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 36 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 37 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 38 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 39 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 40 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 41 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 42 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| purl |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 5 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 6 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 7 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 8 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 9 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 10 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 11 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 12 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 13 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 14 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 15 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 16 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 17 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 18 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 19 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 20 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 21 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 22 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 23 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 24 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 25 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1 |
|
|
| aliases |
SS-2016-014
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dx5f-g875-5bct |
|
| 26 |
| url |
VCID-eaqw-9k5p-pybr |
| vulnerability_id |
VCID-eaqw-9k5p-pybr |
| summary |
Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter
GridField does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites. Amongst other default CMS interfaces, GridField is used for management of groups, users and permissions in the CMS.
The resolution for this issue is to ensure that all gridFieldAlterAction submissions are checked for the SecurityID token during submission. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.17 |
| purl |
pkg:composer/silverstripe/framework@3.1.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 12 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 13 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 14 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 15 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 16 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 21 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 22 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 23 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 24 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 25 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 26 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 27 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 28 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 29 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 30 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 31 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 32 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 33 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 34 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 35 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 36 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 37 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 38 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 39 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 40 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 41 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 42 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 43 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 44 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 45 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 46 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 47 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 49 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 50 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 51 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.2.2 |
| purl |
pkg:composer/silverstripe/framework@3.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 12 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 13 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 14 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 15 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 16 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 21 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 22 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 23 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 24 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 25 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 26 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 27 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 28 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 29 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 30 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 31 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 32 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 33 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 34 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 35 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 36 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 37 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 38 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 39 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 40 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 41 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 42 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 43 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 44 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 45 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 46 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 47 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 48 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 49 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.2 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.3.0 |
| purl |
pkg:composer/silverstripe/framework@3.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 12 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 13 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 14 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 15 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 16 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 21 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 22 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 23 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 24 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 25 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 26 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 27 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 28 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 29 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 30 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 31 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 32 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 33 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 34 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 35 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 36 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 37 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 38 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 39 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 40 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 41 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 42 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 43 |
| vulnerability |
VCID-vtva-utdn-jkce |
|
| 44 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 45 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 46 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 47 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 48 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 49 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 50 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0 |
|
|
| aliases |
GHSA-2hpc-mf4q-j885
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eaqw-9k5p-pybr |
|
| 27 |
| url |
VCID-eddc-w9wx-c3gq |
| vulnerability_id |
VCID-eddc-w9wx-c3gq |
| summary |
Broken access control on files
In SilverStripe assets 4.0, there is broken access control on files. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14273 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56436 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56462 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56481 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56506 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56495 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.5649 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.5644 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56458 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56338 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14273 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nes-cr3m-j3dv |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-6xwk-ee7f-5ubd |
|
| 8 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c75p-3hdz-q3b6 |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 18 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 19 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 20 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 21 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 22 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 23 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 24 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 25 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 26 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 27 |
| vulnerability |
VCID-jx5m-bqc6-h3bv |
|
| 28 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 29 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 30 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 31 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 32 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 33 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 34 |
| vulnerability |
VCID-kxyq-vg6e-6uac |
|
| 35 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 36 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 37 |
| vulnerability |
VCID-p554-wkxw-gfdh |
|
| 38 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 39 |
| vulnerability |
VCID-qak9-2t7g-w3fv |
|
| 40 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 41 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 42 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 43 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 44 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 45 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 46 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 47 |
| vulnerability |
VCID-xnb4-zjws-vuhu |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.0.1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nes-cr3m-j3dv |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-c75p-3hdz-q3b6 |
|
| 14 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 15 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 16 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 17 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 22 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 23 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 24 |
| vulnerability |
VCID-jx5m-bqc6-h3bv |
|
| 25 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 26 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 27 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 28 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 29 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 30 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 31 |
| vulnerability |
VCID-kxyq-vg6e-6uac |
|
| 32 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 33 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 34 |
| vulnerability |
VCID-p554-wkxw-gfdh |
|
| 35 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 36 |
| vulnerability |
VCID-qak9-2t7g-w3fv |
|
| 37 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 38 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 39 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 40 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 41 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 42 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 43 |
| vulnerability |
VCID-xnb4-zjws-vuhu |
|
| 44 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-xw77-b18v-8kc4 |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-14273, GHSA-43jj-2rwc-2m3f
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eddc-w9wx-c3gq |
|
| 28 |
| url |
VCID-enkd-4y44-4ueq |
| vulnerability_id |
VCID-enkd-4y44-4ueq |
| summary |
FormField with square brackets in field name skips validation
FileField with array notation skips validation
The FileField class is commonly used for file upload in custom code on a Silverstripe website. This field is designed to be used with a single file upload.
PHP allows for submitting multiple values by adding square brackets to the field name. When this is done to a FileField, it will be coerced into allowing multiple files by using this notation. This is not a supported feature, though nothing is done to prevent this.
In this scenario, validation such as limiting allowed extensions is not applied, and the FileField->saveInto() behaviour is not triggered. If custom controller logic is used to process the file uploads, it might implicitly rely on validation to be provided by the Form system, which is not the case. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-26138 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52636 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52566 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52532 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52584 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52578 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52629 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52612 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52598 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52493 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52539 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-26138 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.6.0 |
| purl |
pkg:composer/silverstripe/framework@4.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 6 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 7 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 8 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 9 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 10 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 11 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 12 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 13 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 14 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 15 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 16 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 17 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 18 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 19 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 20 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 21 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 22 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.7.4 |
| purl |
pkg:composer/silverstripe/framework@4.7.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 6 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 7 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 8 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 9 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 10 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 11 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 12 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 13 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 14 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 15 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 16 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 17 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 18 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 19 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 20 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 21 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 22 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4 |
|
|
| aliases |
CVE-2020-26138, GHSA-7mv4-4xpg-xq44
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-enkd-4y44-4ueq |
|
| 29 |
| url |
VCID-fff2-h9gn-9qhu |
| vulnerability_id |
VCID-fff2-h9gn-9qhu |
| summary |
XSS vulnerability in form field validation
A high level XSS risk has been identified in the encoding of validation messages in certain FormField classes. Certain fields such as the `NumericField` and `DropdownField` have been identified, but any form field which presents any invalid content as a part of its validation response will be at risk. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.16 |
| purl |
pkg:composer/silverstripe/framework@3.1.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5k79-mfyz-xqhu |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 14 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 15 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 16 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 17 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 18 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 19 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 20 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 21 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 22 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 23 |
| vulnerability |
VCID-eaqw-9k5p-pybr |
|
| 24 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 25 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 26 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 27 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 28 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 29 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 30 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 31 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 32 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 33 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 34 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 35 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 36 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 37 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 38 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 39 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 40 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 41 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 42 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 43 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 44 |
| vulnerability |
VCID-te88-ws12-3bc8 |
|
| 45 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 46 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 47 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 48 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 49 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 50 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 51 |
| vulnerability |
VCID-ypfw-xhud-bbfs |
|
| 52 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 53 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 54 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 55 |
| vulnerability |
VCID-zr7a-tdxv-rqff |
|
| 56 |
| vulnerability |
VCID-zr8u-z3r4-cbct |
|
| 57 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.16 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.2.0-beta1 |
| purl |
pkg:composer/silverstripe/framework@3.2.0-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3pwx-7wzy-qbdw |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 14 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 15 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 16 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 17 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 18 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 19 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 20 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 21 |
| vulnerability |
VCID-dq8q-6agw-g3d5 |
|
| 22 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 23 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 24 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 25 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 26 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 27 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 28 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 29 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 30 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 31 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 32 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 33 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 34 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 35 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 36 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 37 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 38 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 39 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 40 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 41 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 42 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 43 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 44 |
| vulnerability |
VCID-ur9h-h6mw-fbdh |
|
| 45 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 46 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 47 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 49 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 50 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 51 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.2.1 |
| purl |
pkg:composer/silverstripe/framework@3.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5k79-mfyz-xqhu |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 14 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 15 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 16 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 17 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 18 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 19 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 20 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 21 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 22 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 23 |
| vulnerability |
VCID-eaqw-9k5p-pybr |
|
| 24 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 25 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 26 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 27 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 28 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 29 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 30 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 31 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 32 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 33 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 34 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 35 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 36 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 37 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 38 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 39 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 40 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 41 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 42 |
| vulnerability |
VCID-te88-ws12-3bc8 |
|
| 43 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 44 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 45 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 46 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 47 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 48 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 49 |
| vulnerability |
VCID-ypfw-xhud-bbfs |
|
| 50 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 51 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 52 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 53 |
| vulnerability |
VCID-zr7a-tdxv-rqff |
|
| 54 |
| vulnerability |
VCID-zr8u-z3r4-cbct |
|
| 55 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1 |
|
| 3 |
|
|
| aliases |
SS-2015-026
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fff2-h9gn-9qhu |
|
| 30 |
| url |
VCID-fpb7-5pwu-tyg5 |
| vulnerability_id |
VCID-fpb7-5pwu-tyg5 |
| summary |
SilverStripe Priviledge escalation through cache pollution
In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12617 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.5359 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.53712 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.53708 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.53659 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.53661 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.5361 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.53642 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.53614 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.53674 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.53691 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12617 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 24 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 25 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 26 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 27 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 28 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-xw77-b18v-8kc4 |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12617, GHSA-6r58-4xgr-gm6m
|
| risk_score |
1.8 |
| exploitability |
0.5 |
| weighted_severity |
3.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fpb7-5pwu-tyg5 |
|
| 31 |
| url |
VCID-fyxa-vzeq-ubeq |
| vulnerability_id |
VCID-fyxa-vzeq-ubeq |
| summary |
SilverStripe Web Cache Poisoning through HTTPRequestBuilder
SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19326 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43357 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43421 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43362 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43377 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43409 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43389 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43374 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43322 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43384 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.433 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19326 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.7.5 |
| purl |
pkg:composer/silverstripe/framework@3.7.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 11 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 12 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 13 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 14 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 15 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 16 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 17 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.4.7 |
| purl |
pkg:composer/silverstripe/framework@4.4.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 13 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 14 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 15 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 16 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 17 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 18 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 19 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 20 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 21 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 22 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 23 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 24 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 25 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 26 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.5.4 |
| purl |
pkg:composer/silverstripe/framework@4.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 13 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 14 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 15 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 16 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 17 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 18 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 19 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 20 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 21 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 22 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 23 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 24 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 25 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4 |
|
|
| aliases |
CVE-2019-19326, GHSA-q9ff-3q93-fm8m
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fyxa-vzeq-ubeq |
|
| 32 |
| url |
VCID-hgkh-tcdc-ufd5 |
| vulnerability_id |
VCID-hgkh-tcdc-ufd5 |
| summary |
Missing ACL on reports
The `SS_Report`, and the reports CMS section only checks `canView()` when listing the reports that can be viewed by the current user. It does not (and should) perform `canView` checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.20 |
| purl |
pkg:composer/silverstripe/framework@3.1.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 33 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 34 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 35 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 36 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 37 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 38 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 39 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.2.5 |
| purl |
pkg:composer/silverstripe/framework@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 37 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 38 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.3.3 |
| purl |
pkg:composer/silverstripe/framework@3.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 37 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 38 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.4.1 |
| purl |
pkg:composer/silverstripe/framework@3.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 21 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 22 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 23 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 24 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 25 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 26 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 27 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 28 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 29 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 30 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 31 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 32 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 33 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 34 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 35 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 36 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 37 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 38 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 39 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 40 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 41 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 42 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| purl |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 5 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 6 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 7 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 8 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 9 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 10 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 11 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 12 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 13 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 14 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 15 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 16 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 17 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 18 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 19 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 20 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 21 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 22 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 23 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 24 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 25 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1 |
|
|
| aliases |
SS-2016-012
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hgkh-tcdc-ufd5 |
|
| 33 |
| url |
VCID-j6ze-f76y-cqgy |
| vulnerability_id |
VCID-j6ze-f76y-cqgy |
| summary |
Cross-site Scripting
There is an XSS in SilverStripe CMS. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5197 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49905 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49986 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49941 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49943 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49972 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49953 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49891 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49928 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.4996 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49955 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5197 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.4.4-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.4.4-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 20 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 21 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 22 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 23 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 24 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 25 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 35 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.4.4 |
| purl |
pkg:composer/silverstripe/framework@3.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 17 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 21 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 22 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 26 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 27 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 28 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 29 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 30 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 31 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 32 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 33 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.5.2-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.5.2-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 13 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 14 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 15 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 16 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 17 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 18 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 19 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 20 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 21 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 22 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 23 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 24 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 25 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 26 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 27 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 28 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 29 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 30 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 31 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 32 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 33 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 34 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 35 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 36 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 37 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 38 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 39 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 40 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 41 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.5.2 |
| purl |
pkg:composer/silverstripe/framework@3.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 17 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 21 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 22 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 23 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 24 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 25 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 26 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 27 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 28 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 29 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 30 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 31 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 32 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 33 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 34 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 35 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 36 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 37 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 38 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 39 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2 |
|
|
| aliases |
CVE-2017-5197, GHSA-xmjh-wjc5-wg4h
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j6ze-f76y-cqgy |
|
| 34 |
| url |
VCID-k7bb-y315-4qb6 |
| vulnerability_id |
VCID-k7bb-y315-4qb6 |
| summary |
XSS In OptionsetField and CheckboxSetField
List of key / value pairs assigned to `OptionsetField` or `CheckboxSetField` do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.20 |
| purl |
pkg:composer/silverstripe/framework@3.1.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 33 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 34 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 35 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 36 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 37 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 38 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 39 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.2.5 |
| purl |
pkg:composer/silverstripe/framework@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 37 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 38 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.3.3 |
| purl |
pkg:composer/silverstripe/framework@3.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 37 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 38 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.4.1 |
| purl |
pkg:composer/silverstripe/framework@3.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 21 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 22 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 23 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 24 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 25 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 26 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 27 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 28 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 29 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 30 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 31 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 32 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 33 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 34 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 35 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 36 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 37 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 38 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 39 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 40 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 41 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 42 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| purl |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 5 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 6 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 7 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 8 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 9 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 10 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 11 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 12 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 13 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 14 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 15 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 16 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 17 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 18 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 19 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 20 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 21 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 22 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 23 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 24 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 25 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1 |
|
|
| aliases |
SS-2016-015
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k7bb-y315-4qb6 |
|
| 35 |
| url |
VCID-kak1-btjp-kqgz |
| vulnerability_id |
VCID-kak1-btjp-kqgz |
| summary |
Silverstripe uses TinyMCE which allows svg files linked in object tags
### Impact
TinyMCE v6 has a configuration value `convert_unsafe_embeds` set to `false` which allows svg files containing javascript to be used in `<object>` or `<embed>` tags, which can be used as a vector for XSS attacks.
Note that `<embed>` tags are not allowed by default.
After patching the default value of `convert_unsafe_embeds` will be set to `true`. This means that `<object>` tags will be converted to iframes instead the next time the page is saved, which may break any pages that rely upon previously saved `<object>` tags. Developers can override this configuration if desired to revert to the original behaviour.
We reviewed the potential impact of this vulnerability within the context of Silverstripe CMS. We concluded this is a medium impact vulnerability given how TinyMCE is used by Silverstripe CMS.
### References:
- https://www.silverstripe.org/download/security-releases/ss-2024-001
- https://github.com/advisories/GHSA-5359-pvf2-pw78 |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-52cw-pvq9-9m5v
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kak1-btjp-kqgz |
|
| 36 |
| url |
VCID-kdyk-rrrr-pufw |
| vulnerability_id |
VCID-kdyk-rrrr-pufw |
| summary |
Information Exposure
Response discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12849 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45822 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45926 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45873 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45866 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45785 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45896 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45874 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.4585 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45878 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45872 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12849 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2017-12849 |
| reference_id |
CVE-2017-12849 |
| reference_type |
|
| scores |
| 0 |
| value |
5.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:P/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2017-12849 |
|
| 5 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.5.5-beta1 |
| purl |
pkg:composer/silverstripe/framework@3.5.5-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 16 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 17 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 18 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 19 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 20 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 21 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 24 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 25 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 26 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 27 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 31 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 32 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 33 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 34 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.5.5 |
| purl |
pkg:composer/silverstripe/framework@3.5.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 16 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 17 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 18 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 19 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 20 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 21 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 22 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 23 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 24 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 25 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 26 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 27 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 31 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 32 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 33 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 34 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.6.1-alpha2 |
| purl |
pkg:composer/silverstripe/framework@3.6.1-alpha2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 16 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 17 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 18 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 22 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 25 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 26 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 27 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 28 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 29 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.6.1 |
| purl |
pkg:composer/silverstripe/framework@3.6.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 16 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 17 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 18 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 22 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 25 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 26 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 27 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 28 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 29 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1 |
|
|
| aliases |
CVE-2017-12849, GHSA-fwhr-g5r4-xgxf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kdyk-rrrr-pufw |
|
| 37 |
| url |
VCID-kqk7-mdnd-hfc7 |
| vulnerability_id |
VCID-kqk7-mdnd-hfc7 |
| summary |
silverstripe/framework's `Member.Name` is not escaped
The core template `framework/templates/Includes/GridField_print.ss` uses "Printed by $Member.Name".
If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because Member->getName() just returns the raw FirstName + Surname as a string, which is injected directly. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.20 |
| purl |
pkg:composer/silverstripe/framework@3.1.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 33 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 34 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 35 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 36 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 37 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 38 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 39 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.2.5 |
| purl |
pkg:composer/silverstripe/framework@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 37 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 38 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.3.3 |
| purl |
pkg:composer/silverstripe/framework@3.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 37 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 38 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.4.1 |
| purl |
pkg:composer/silverstripe/framework@3.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 21 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 22 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 23 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 24 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 25 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 26 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 27 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 28 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 29 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 30 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 31 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 32 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 33 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 34 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 35 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 36 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 37 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 38 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 39 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 40 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 41 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 42 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1 |
|
|
| aliases |
GHSA-r9vp-fp72-xgf7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kqk7-mdnd-hfc7 |
|
| 38 |
| url |
VCID-krjm-ygks-wyct |
| vulnerability_id |
VCID-krjm-ygks-wyct |
| summary |
silverstripe/framework ReadOnly transformation for formfields exploitable
Form fields returning isReadonly() as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeField_Readonly. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default.
SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and doesn't overwrite data on form construction.
Readonly and disabled form fields are already filtered out in Form->saveInto(), so maliciously submitted data on these fields doesn't make it into the database unless you are accessing form values directly in your saving logic. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.21 |
| purl |
pkg:composer/silverstripe/framework@3.1.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 24 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 25 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 26 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 27 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 31 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 32 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 33 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 34 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 35 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.2.6 |
| purl |
pkg:composer/silverstripe/framework@3.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 24 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 25 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 26 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 27 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 31 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 32 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 33 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 34 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.3.4 |
| purl |
pkg:composer/silverstripe/framework@3.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 24 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 25 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 26 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 27 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 31 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 32 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 33 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 34 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.4.2 |
| purl |
pkg:composer/silverstripe/framework@3.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 20 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 21 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 22 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 23 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 24 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 25 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 26 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 27 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 28 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 29 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 30 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 31 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 32 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 33 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 34 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 35 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 36 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 37 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 38 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2 |
|
|
| aliases |
GHSA-97jm-g33h-f46g
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-krjm-ygks-wyct |
|
| 39 |
| url |
VCID-kvhv-9fj5-7kgk |
| vulnerability_id |
VCID-kvhv-9fj5-7kgk |
| summary |
Silverstripe Framework has a XSS via insert media remote file oembed
### Impact
When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website.
## References
- https://www.silverstripe.org/download/security-releases/cve-2024-47605
## Reported by
James Nicoll from [Fujitsu Cyber Security Services](https://www.fujitsu.com/nz/services/security/) |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-47605 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0398 |
| scoring_system |
epss |
| scoring_elements |
0.88367 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.0398 |
| scoring_system |
epss |
| scoring_elements |
0.88414 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.0398 |
| scoring_system |
epss |
| scoring_elements |
0.884 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.0398 |
| scoring_system |
epss |
| scoring_elements |
0.88408 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.0398 |
| scoring_system |
epss |
| scoring_elements |
0.88397 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.0398 |
| scoring_system |
epss |
| scoring_elements |
0.88391 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0398 |
| scoring_system |
epss |
| scoring_elements |
0.88372 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.0398 |
| scoring_system |
epss |
| scoring_elements |
0.88353 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-47605 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-47605, GHSA-7cmp-cgg8-4c82
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kvhv-9fj5-7kgk |
|
| 40 |
| url |
VCID-kw9p-5fbc-hudg |
| vulnerability_id |
VCID-kw9p-5fbc-hudg |
| summary |
Reflected Cross Site Scripting (XSS) in error message
If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message. |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-74j9-xhqr-6qv3
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kw9p-5fbc-hudg |
|
| 41 |
| url |
VCID-kxa8-dmva-ayff |
| vulnerability_id |
VCID-kxa8-dmva-ayff |
| summary |
Quadratic blowup in Convert::xml2array()
Silverstripe silverstripe/framework 4.x until 4.10.9 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-41559 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57282 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57419 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57393 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57411 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57432 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57417 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57414 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57363 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57387 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57364 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-41559 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.10.9 |
| purl |
pkg:composer/silverstripe/framework@4.10.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 1 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 2 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 3 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 4 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 5 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 6 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 7 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 8 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 9 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 10 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 11 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 12 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 13 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 14 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 15 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 16 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 17 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.9 |
|
| 1 |
|
|
| aliases |
CVE-2021-41559, GHSA-9fmg-89fx-r33w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kxa8-dmva-ayff |
|
| 42 |
| url |
VCID-p2kq-rkh6-ayeu |
| vulnerability_id |
VCID-p2kq-rkh6-ayeu |
| summary |
SilverStripe allowss Reflected SQL Injection through Form and `DataObject`. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-5715 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55324 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.5516 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.5526 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55283 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55264 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55315 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55316 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55327 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55305 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55286 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-5715 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2019-5715 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:P/I:P/A:P |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2019-5715 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.6.7 |
| purl |
pkg:composer/silverstripe/framework@3.6.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 15 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 16 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 17 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 18 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 19 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 20 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 21 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 22 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 23 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 27 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 28 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.7.3 |
| purl |
pkg:composer/silverstripe/framework@3.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 15 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 16 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 17 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 18 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 19 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 20 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 21 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 22 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 23 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 24 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 25 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 26 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 27 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.0.7 |
| purl |
pkg:composer/silverstripe/framework@4.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 5 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 6 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 7 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 8 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 9 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 10 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 11 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 12 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 13 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 14 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 15 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 16 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 17 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 18 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 19 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 20 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 21 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 22 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 23 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 24 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 25 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 26 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 27 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 30 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 31 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 32 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 33 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 34 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 35 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.1.5 |
| purl |
pkg:composer/silverstripe/framework@4.1.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-658d-vmwt-f7e8 |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 15 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 16 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 17 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 18 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 19 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 24 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 25 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 26 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 27 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 28 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 29 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 30 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 34 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 35 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.2.4 |
| purl |
pkg:composer/silverstripe/framework@4.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-658d-vmwt-f7e8 |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 15 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 16 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 17 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 18 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 19 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 24 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 25 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 26 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 27 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 28 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 29 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 30 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 34 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 35 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4 |
|
| 5 |
| url |
pkg:composer/silverstripe/framework@4.3.1 |
| purl |
pkg:composer/silverstripe/framework@4.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-658d-vmwt-f7e8 |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 15 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 16 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 17 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 18 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 19 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 24 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 25 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 26 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 27 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 28 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 29 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 30 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 34 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 35 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1 |
|
|
| aliases |
CVE-2019-5715, GHSA-wvfw-w3x6-g526
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p2kq-rkh6-ayeu |
|
| 43 |
| url |
VCID-p52e-s67u-eya7 |
| vulnerability_id |
VCID-p52e-s67u-eya7 |
| summary |
Member.Name isn't escaped
The core template `framework/templates/Includes/GridField_print.ss` uses "Printed by $Member.Name". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because `Member->getName()` just returns the raw `FirstName + Surname` as a string, which is injected directly. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.20 |
| purl |
pkg:composer/silverstripe/framework@3.1.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 33 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 34 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 35 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 36 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 37 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 38 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 39 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.2.5 |
| purl |
pkg:composer/silverstripe/framework@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 37 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 38 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.3.3 |
| purl |
pkg:composer/silverstripe/framework@3.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 37 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 38 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.4.1 |
| purl |
pkg:composer/silverstripe/framework@3.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 21 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 22 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 23 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 24 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 25 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 26 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 27 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 28 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 29 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 30 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 31 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 32 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 33 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 34 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 35 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 36 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 37 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 38 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 39 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 40 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 41 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 42 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| purl |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 5 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 6 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 7 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 8 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 9 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 10 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 11 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 12 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 13 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 14 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 15 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 16 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 17 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 18 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 19 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 20 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 21 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 22 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 23 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 24 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 25 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1 |
|
|
| aliases |
SS-2016-013
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p52e-s67u-eya7 |
|
| 44 |
| url |
VCID-pq29-qe7h-tkcp |
| vulnerability_id |
VCID-pq29-qe7h-tkcp |
| summary |
Silverstripe Flash Clipboard Reflected XSS
SilverStripe versions 3.0.0 until 4.3.5 and 4.4.4 are vulnerable to Flash Clipboard Reflected XSS. Versions 4.3.5 and 4.4.4 of `silverstripe/framework` and version 1.3.5 of `silverstripe/admin` contain a fix for this issue. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12205 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59302 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59371 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59228 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59338 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59356 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59373 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59353 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59341 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.5929 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59325 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12205 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 24 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 25 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 26 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 27 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 28 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-xw77-b18v-8kc4 |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12205, GHSA-rfvw-5848-gxc5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pq29-qe7h-tkcp |
|
| 45 |
| url |
VCID-qm38-1cwk-b3hq |
| vulnerability_id |
VCID-qm38-1cwk-b3hq |
| summary |
URL Redirection to Untrusted Site ('Open Redirect')
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-22729 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49576 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.4964 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49593 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49592 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49621 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49609 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49554 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49603 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-22729 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-22729, GHSA-fw84-xgm8-9jmv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qm38-1cwk-b3hq |
|
| 46 |
| url |
VCID-t17w-gcwe-eue4 |
| vulnerability_id |
VCID-t17w-gcwe-eue4 |
| summary |
Silverstripe HtmlEditor embed url sanitisation
"Add from URL" doesn't clearly sanitise URL server side
HtmlEditorField_Toolbar has an action HtmlEditorField_Toolbar#viewfile, which gets called by the CMS when adding a media "from a URL" (i.e. via oembed).
This action gets the URL to add in the GET parameter FileURL. However it doesn't do any URL sanitising server side. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it's possible future changes would break this. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.2.1 |
| purl |
pkg:composer/silverstripe/framework@3.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5k79-mfyz-xqhu |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 14 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 15 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 16 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 17 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 18 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 19 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 20 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 21 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 22 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 23 |
| vulnerability |
VCID-eaqw-9k5p-pybr |
|
| 24 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 25 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 26 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 27 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 28 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 29 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 30 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 31 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 32 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 33 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 34 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 35 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 36 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 37 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 38 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 39 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 40 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 41 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 42 |
| vulnerability |
VCID-te88-ws12-3bc8 |
|
| 43 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 44 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 45 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 46 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 47 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 48 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 49 |
| vulnerability |
VCID-ypfw-xhud-bbfs |
|
| 50 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 51 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 52 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 53 |
| vulnerability |
VCID-zr7a-tdxv-rqff |
|
| 54 |
| vulnerability |
VCID-zr8u-z3r4-cbct |
|
| 55 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1 |
|
|
| aliases |
GHSA-qp29-wcc2-vmpc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t17w-gcwe-eue4 |
|
| 47 |
| url |
VCID-tc2y-zrea-vyb2 |
| vulnerability_id |
VCID-tc2y-zrea-vyb2 |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
SilverStripe Framework suffers from a XSS vulnerablity. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36150 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58994 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58857 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58932 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58954 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.5892 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58972 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58978 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58997 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58979 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.5896 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36150 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.9.0-alpha1 |
| purl |
pkg:composer/silverstripe/framework@4.9.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 6 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 7 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 8 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 9 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 10 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 11 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 12 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 13 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 14 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 15 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 16 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 17 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 18 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 19 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 20 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 21 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0-alpha1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.9.0 |
| purl |
pkg:composer/silverstripe/framework@4.9.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 6 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 7 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 8 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 9 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 10 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 11 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 12 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 13 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 14 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 15 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 16 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 17 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 18 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 19 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 20 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 21 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0 |
|
|
| aliases |
CVE-2021-36150, GHSA-j66h-cc96-c32q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tc2y-zrea-vyb2 |
|
| 48 |
| url |
VCID-te88-ws12-3bc8 |
| vulnerability_id |
VCID-te88-ws12-3bc8 |
| summary |
Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers
In it's default configuration, SilverStripe trusts all originating IPs to include HTTP headers for Hostname, IP and Protocol. This enables reverse proxies to forward requests while still retaining the original request information. Trusted IPs can be limited via the SS_TRUSTED_PROXY_IPS constant. Even with this restriction in place, SilverStripe trusts a variety of HTTP headers due to different proxy notations (e.g. X-Forwarded-For vs. Client-IP). Unless a proxy explicitly unsets invalid HTTP headers from connecting clients, this can lead to spoofing requests being passed through trusted proxies.
The impact of spoofed headers can include Director::forceSSL() not being enforced, SS_HTTPRequest->getIP() returning a wrong IP (disabling any IP restrictions), and spoofed hostnames circumventing any hostname-specific restrictions enforced in SilverStripe Controllers.
Regardless on running a reverse proxy in your hosting infrastructure, please follow the instructions on Secure Coding: Request hostname forgery in order to opt-in to these protections. If your website is not behind a reverse proxy, you might already be protected if using Apache with mod_env enabled, and you have the following line in your .htaccess file: SetEnv BlockUntrustedIPs true. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.17 |
| purl |
pkg:composer/silverstripe/framework@3.1.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 12 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 13 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 14 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 15 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 16 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 21 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 22 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 23 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 24 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 25 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 26 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 27 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 28 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 29 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 30 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 31 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 32 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 33 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 34 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 35 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 36 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 37 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 38 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 39 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 40 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 41 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 42 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 43 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 44 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 45 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 46 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 47 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 49 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 50 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 51 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.2.2 |
| purl |
pkg:composer/silverstripe/framework@3.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 12 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 13 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 14 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 15 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 16 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 21 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 22 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 23 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 24 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 25 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 26 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 27 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 28 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 29 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 30 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 31 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 32 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 33 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 34 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 35 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 36 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 37 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 38 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 39 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 40 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 41 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 42 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 43 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 44 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 45 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 46 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 47 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 48 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 49 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.2 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.3.0 |
| purl |
pkg:composer/silverstripe/framework@3.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 12 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 13 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 14 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 15 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 16 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 21 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 22 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 23 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 24 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 25 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 26 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 27 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 28 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 29 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 30 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 31 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 32 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 33 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 34 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 35 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 36 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 37 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 38 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 39 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 40 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 41 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 42 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 43 |
| vulnerability |
VCID-vtva-utdn-jkce |
|
| 44 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 45 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 46 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 47 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 48 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 49 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 50 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0 |
|
|
| aliases |
GHSA-87pf-7x99-5xc4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-te88-ws12-3bc8 |
|
| 49 |
| url |
VCID-tm1s-2m92-uyh9 |
| vulnerability_id |
VCID-tm1s-2m92-uyh9 |
| summary |
SilverStripe asset-admin Cross-site Scripting (XSS)
In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14272 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57329 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57194 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57275 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57298 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57274 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57325 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57327 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57342 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57322 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57301 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14272 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nes-cr3m-j3dv |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-6xwk-ee7f-5ubd |
|
| 8 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c75p-3hdz-q3b6 |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 18 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 19 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 20 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 21 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 22 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 23 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 24 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 25 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 26 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 27 |
| vulnerability |
VCID-jx5m-bqc6-h3bv |
|
| 28 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 29 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 30 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 31 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 32 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 33 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 34 |
| vulnerability |
VCID-kxyq-vg6e-6uac |
|
| 35 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 36 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 37 |
| vulnerability |
VCID-p554-wkxw-gfdh |
|
| 38 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 39 |
| vulnerability |
VCID-qak9-2t7g-w3fv |
|
| 40 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 41 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 42 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 43 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 44 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 45 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 46 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 47 |
| vulnerability |
VCID-xnb4-zjws-vuhu |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.0.1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nes-cr3m-j3dv |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-c75p-3hdz-q3b6 |
|
| 14 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 15 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 16 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 17 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 22 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 23 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 24 |
| vulnerability |
VCID-jx5m-bqc6-h3bv |
|
| 25 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 26 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 27 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 28 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 29 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 30 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 31 |
| vulnerability |
VCID-kxyq-vg6e-6uac |
|
| 32 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 33 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 34 |
| vulnerability |
VCID-p554-wkxw-gfdh |
|
| 35 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 36 |
| vulnerability |
VCID-qak9-2t7g-w3fv |
|
| 37 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 38 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 39 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 40 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 41 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 42 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 43 |
| vulnerability |
VCID-xnb4-zjws-vuhu |
|
| 44 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-xw77-b18v-8kc4 |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-14272, GHSA-jgw2-f5mx-rg7h
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tm1s-2m92-uyh9 |
|
| 50 |
| url |
VCID-tuwu-cznx-jqdb |
| vulnerability_id |
VCID-tuwu-cznx-jqdb |
| summary |
XSS in CMSController BackURL
A XSS risk exists in the returnURL parameter passed to CMSSecurity/success. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.19-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.1.19-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mh2-7nc4-pqg2 |
|
| 1 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 2 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-edex-qc8j-xfhn |
|
| 27 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 28 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 29 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 30 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 31 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 32 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 33 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 34 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 35 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 36 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 37 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 38 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 39 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 40 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 41 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 42 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 43 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 44 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 45 |
| vulnerability |
VCID-qnsx-aa52-fkhf |
|
| 46 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 47 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 48 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 49 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 50 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 51 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 52 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 53 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 54 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.1.19 |
| purl |
pkg:composer/silverstripe/framework@3.1.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 14 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 15 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 16 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 17 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 18 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 19 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 20 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 21 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 22 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 23 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 24 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 25 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 26 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 27 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 28 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 29 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 30 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 31 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 32 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 33 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 34 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 35 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 36 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 37 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 38 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 39 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 40 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 41 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 42 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 43 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 44 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 45 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 46 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 47 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 48 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 49 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 50 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 51 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.2.4-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.2.4-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mh2-7nc4-pqg2 |
|
| 1 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 2 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-edex-qc8j-xfhn |
|
| 27 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 28 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 29 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 30 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 31 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 32 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 33 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 34 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 35 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 36 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 37 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 38 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 39 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 40 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 41 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 42 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 43 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 44 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 45 |
| vulnerability |
VCID-qnsx-aa52-fkhf |
|
| 46 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 47 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 48 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 49 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 50 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 51 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 52 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 53 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.2.4 |
| purl |
pkg:composer/silverstripe/framework@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 14 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 15 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 16 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 17 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 18 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 19 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 20 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 21 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 22 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 23 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 24 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 25 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 26 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 27 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 28 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 29 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 30 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 31 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 32 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 33 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 34 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 35 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 36 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 37 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 38 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 39 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 40 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 41 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 42 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 43 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 44 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 45 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 46 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 47 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 49 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 50 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@3.3.2-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.3.2-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mh2-7nc4-pqg2 |
|
| 1 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 2 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-edex-qc8j-xfhn |
|
| 27 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 28 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 29 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 30 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 31 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 32 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 33 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 34 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 35 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 36 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 37 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 38 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 39 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 40 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 41 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 42 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 43 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 44 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 45 |
| vulnerability |
VCID-qnsx-aa52-fkhf |
|
| 46 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 47 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 48 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 49 |
| vulnerability |
VCID-vtva-utdn-jkce |
|
| 50 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 51 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 52 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 53 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 54 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1 |
|
| 5 |
| url |
pkg:composer/silverstripe/framework@3.3.2 |
| purl |
pkg:composer/silverstripe/framework@3.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4fez-w6cm-rkf5 |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 27 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 28 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 29 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 30 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 31 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 32 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 33 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 34 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 35 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 36 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 37 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 38 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 39 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 40 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 41 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 42 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 43 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 44 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 45 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 46 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 47 |
| vulnerability |
VCID-vtva-utdn-jkce |
|
| 48 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 49 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 50 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 51 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 52 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2 |
|
|
| aliases |
SS-2016-001
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tuwu-cznx-jqdb |
|
| 51 |
| url |
VCID-u49v-31sv-eqc3 |
| vulnerability_id |
VCID-u49v-31sv-eqc3 |
| summary |
SilverStripe Denial of Service on flush and development URL tools
SilverStripe before 4.4.0 allows a Denial of Service on flush and development URL tools. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12246 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00156 |
| scoring_system |
epss |
| scoring_elements |
0.36331 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00156 |
| scoring_system |
epss |
| scoring_elements |
0.36448 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00156 |
| scoring_system |
epss |
| scoring_elements |
0.36283 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00156 |
| scoring_system |
epss |
| scoring_elements |
0.36343 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00156 |
| scoring_system |
epss |
| scoring_elements |
0.36301 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00156 |
| scoring_system |
epss |
| scoring_elements |
0.36322 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00156 |
| scoring_system |
epss |
| scoring_elements |
0.36359 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00156 |
| scoring_system |
epss |
| scoring_elements |
0.36352 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00156 |
| scoring_system |
epss |
| scoring_elements |
0.36415 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00156 |
| scoring_system |
epss |
| scoring_elements |
0.36225 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12246 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 24 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 25 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 26 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 27 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 28 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.4.0 |
| purl |
pkg:composer/silverstripe/framework@4.4.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 5 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 6 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 7 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 8 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 9 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 10 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 11 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 12 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 13 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 14 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 15 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 16 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 17 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 18 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 19 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 20 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 21 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 22 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 23 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 24 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 25 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 26 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 27 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 28 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 31 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 32 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 33 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 34 |
| vulnerability |
VCID-xw77-b18v-8kc4 |
|
| 35 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0 |
|
|
| aliases |
CVE-2019-12246, GHSA-5fr8-xhqq-4p3q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u49v-31sv-eqc3 |
|
| 52 |
| url |
VCID-wazt-hn99-qkdk |
| vulnerability_id |
VCID-wazt-hn99-qkdk |
| summary |
Brute force bypass on default admin
Default Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.19-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.1.19-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mh2-7nc4-pqg2 |
|
| 1 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 2 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-edex-qc8j-xfhn |
|
| 27 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 28 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 29 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 30 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 31 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 32 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 33 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 34 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 35 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 36 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 37 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 38 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 39 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 40 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 41 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 42 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 43 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 44 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 45 |
| vulnerability |
VCID-qnsx-aa52-fkhf |
|
| 46 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 47 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 48 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 49 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 50 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 51 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 52 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 53 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 54 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.1.19 |
| purl |
pkg:composer/silverstripe/framework@3.1.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 14 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 15 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 16 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 17 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 18 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 19 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 20 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 21 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 22 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 23 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 24 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 25 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 26 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 27 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 28 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 29 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 30 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 31 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 32 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 33 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 34 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 35 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 36 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 37 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 38 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 39 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 40 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 41 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 42 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 43 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 44 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 45 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 46 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 47 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 48 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 49 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 50 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 51 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.2.4-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.2.4-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mh2-7nc4-pqg2 |
|
| 1 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 2 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-edex-qc8j-xfhn |
|
| 27 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 28 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 29 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 30 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 31 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 32 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 33 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 34 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 35 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 36 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 37 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 38 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 39 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 40 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 41 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 42 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 43 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 44 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 45 |
| vulnerability |
VCID-qnsx-aa52-fkhf |
|
| 46 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 47 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 48 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 49 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 50 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 51 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 52 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 53 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.2.4 |
| purl |
pkg:composer/silverstripe/framework@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 14 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 15 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 16 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 17 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 18 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 19 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 20 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 21 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 22 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 23 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 24 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 25 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 26 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 27 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 28 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 29 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 30 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 31 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 32 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 33 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 34 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 35 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 36 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 37 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 38 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 39 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 40 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 41 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 42 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 43 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 44 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 45 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 46 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 47 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 49 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 50 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@3.3.2-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.3.2-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mh2-7nc4-pqg2 |
|
| 1 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 2 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-edex-qc8j-xfhn |
|
| 27 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 28 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 29 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 30 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 31 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 32 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 33 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 34 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 35 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 36 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 37 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 38 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 39 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 40 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 41 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 42 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 43 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 44 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 45 |
| vulnerability |
VCID-qnsx-aa52-fkhf |
|
| 46 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 47 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 48 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 49 |
| vulnerability |
VCID-vtva-utdn-jkce |
|
| 50 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 51 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 52 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 53 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 54 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1 |
|
| 5 |
| url |
pkg:composer/silverstripe/framework@3.3.2 |
| purl |
pkg:composer/silverstripe/framework@3.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4fez-w6cm-rkf5 |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 27 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 28 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 29 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 30 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 31 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 32 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 33 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 34 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 35 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 36 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 37 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 38 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 39 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 40 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 41 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 42 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 43 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 44 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 45 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 46 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 47 |
| vulnerability |
VCID-vtva-utdn-jkce |
|
| 48 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 49 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 50 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 51 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 52 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2 |
|
|
| aliases |
SS-2016-005
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wazt-hn99-qkdk |
|
| 53 |
| url |
VCID-wrnm-d19b-hqby |
| vulnerability_id |
VCID-wrnm-d19b-hqby |
| summary |
Password encryption salt expiry
When a user changes their password, the internal salt used for hashing their password is not updated. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.20 |
| purl |
pkg:composer/silverstripe/framework@3.1.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 33 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 34 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 35 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 36 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 37 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 38 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 39 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.2.5 |
| purl |
pkg:composer/silverstripe/framework@3.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 37 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 38 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.3.3 |
| purl |
pkg:composer/silverstripe/framework@3.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 22 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 37 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 38 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.4.1 |
| purl |
pkg:composer/silverstripe/framework@3.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 21 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 22 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 23 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 24 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 25 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 26 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 27 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 28 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 29 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 30 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 31 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 32 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 33 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 34 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 35 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 36 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 37 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 38 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 39 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 40 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 41 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 42 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| purl |
pkg:composer/silverstripe/framework@4.0.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 5 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 6 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 7 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 8 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 9 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 10 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 11 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 12 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 13 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 14 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 15 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 16 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 17 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 18 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 19 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 20 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 21 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 22 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 23 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 24 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 25 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1 |
|
|
| aliases |
SS-2016-008
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wrnm-d19b-hqby |
|
| 54 |
| url |
VCID-ya8k-c5s5-47gx |
| vulnerability_id |
VCID-ya8k-c5s5-47gx |
| summary |
XSS In page name
SilverStripe is vulnerable to XSS via the page name. For instance, page name `"><svg/onload=alert(/xss/)>` will trigger an XSS alert. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.4.4-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.4.4-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 20 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 21 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 22 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 23 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 24 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 25 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 35 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.5.2-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.5.2-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 13 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 14 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 15 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 16 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 17 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 18 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 19 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 20 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 21 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 22 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 23 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 24 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 25 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 26 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 27 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 28 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 29 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 30 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 31 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 32 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 33 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 34 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 35 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 36 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 37 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 38 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 39 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 40 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 41 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1 |
|
|
| aliases |
SS-2017-001
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ya8k-c5s5-47gx |
|
| 55 |
| url |
VCID-ypfw-xhud-bbfs |
| vulnerability_id |
VCID-ypfw-xhud-bbfs |
| summary |
Silverstripe Missing security check on dev/build/defaults
The buildDefaults method on DevelopmentAdmin is missing a permission check.
In live mode, if you access /dev/build, you are requested to login first. However, if you access /dev/build/defaults, then the action is performed without any login check. This should be protected in the same way that /dev/build is.
The buildDefaults view is requireDefaultRecords() on each DataObject class, and hence has the potential to modify database state. It also lists all modified tables, allowing attackers more insight into which modules are used, and how the database tables are structured. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.17 |
| purl |
pkg:composer/silverstripe/framework@3.1.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 12 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 13 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 14 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 15 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 16 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 21 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 22 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 23 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 24 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 25 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 26 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 27 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 28 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 29 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 30 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 31 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 32 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 33 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 34 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 35 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 36 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 37 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 38 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 39 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 40 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 41 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 42 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 43 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 44 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 45 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 46 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 47 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 49 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 50 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 51 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.2.2 |
| purl |
pkg:composer/silverstripe/framework@3.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 12 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 13 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 14 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 15 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 16 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 21 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 22 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 23 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 24 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 25 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 26 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 27 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 28 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 29 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 30 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 31 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 32 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 33 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 34 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 35 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 36 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 37 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 38 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 39 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 40 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 41 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 42 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 43 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 44 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 45 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 46 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 47 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 48 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 49 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.2 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.3.0 |
| purl |
pkg:composer/silverstripe/framework@3.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 12 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 13 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 14 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 15 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 16 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 21 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 22 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 23 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 24 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 25 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 26 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 27 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 28 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 29 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 30 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 31 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 32 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 33 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 34 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 35 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 36 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 37 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 38 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 39 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 40 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 41 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 42 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 43 |
| vulnerability |
VCID-vtva-utdn-jkce |
|
| 44 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 45 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 46 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 47 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 48 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 49 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 50 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0 |
|
|
| aliases |
GHSA-x5w2-wcr8-9q45
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ypfw-xhud-bbfs |
|
| 56 |
| url |
VCID-yuer-yn1w-q3gw |
| vulnerability_id |
VCID-yuer-yn1w-q3gw |
| summary |
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload
### Impact
A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.
The server-side sanitisation logic has been updated to sanitise against this type of attack.
### References
- https://www.silverstripe.org/download/security-releases/cve-2024-32981 |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-32981 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0105 |
| scoring_system |
epss |
| scoring_elements |
0.7749 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.0105 |
| scoring_system |
epss |
| scoring_elements |
0.7758 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.0105 |
| scoring_system |
epss |
| scoring_elements |
0.77542 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.0105 |
| scoring_system |
epss |
| scoring_elements |
0.77545 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.0105 |
| scoring_system |
epss |
| scoring_elements |
0.7756 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.0105 |
| scoring_system |
epss |
| scoring_elements |
0.77534 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0105 |
| scoring_system |
epss |
| scoring_elements |
0.77524 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0105 |
| scoring_system |
epss |
| scoring_elements |
0.77495 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.0105 |
| scoring_system |
epss |
| scoring_elements |
0.77515 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-32981 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-32981, GHSA-chx7-9x8h-r5mg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yuer-yn1w-q3gw |
|
| 57 |
| url |
VCID-z7fk-zbvh-quew |
| vulnerability_id |
VCID-z7fk-zbvh-quew |
| summary |
XSS In CMSSecurity BackURL
In follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.21 |
| purl |
pkg:composer/silverstripe/framework@3.1.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 24 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 25 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 26 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 27 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 31 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 32 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 33 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 34 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 35 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.2.6 |
| purl |
pkg:composer/silverstripe/framework@3.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 24 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 25 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 26 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 27 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 31 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 32 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 33 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 34 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.3.4 |
| purl |
pkg:composer/silverstripe/framework@3.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 24 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 25 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 26 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 27 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 31 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 32 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 33 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 34 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.4.2 |
| purl |
pkg:composer/silverstripe/framework@3.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 20 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 21 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 22 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 23 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 24 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 25 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 26 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 27 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 28 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 29 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 30 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 31 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 32 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 33 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 34 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 35 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 36 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 37 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 38 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2 |
|
|
| aliases |
SS-2016-016
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z7fk-zbvh-quew |
|
| 58 |
| url |
VCID-zgy5-8cgd-gqhm |
| vulnerability_id |
VCID-zgy5-8cgd-gqhm |
| summary |
XSS in CMS Edit Page
Due to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an attack. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.19-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.1.19-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mh2-7nc4-pqg2 |
|
| 1 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 2 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-edex-qc8j-xfhn |
|
| 27 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 28 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 29 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 30 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 31 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 32 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 33 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 34 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 35 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 36 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 37 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 38 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 39 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 40 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 41 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 42 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 43 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 44 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 45 |
| vulnerability |
VCID-qnsx-aa52-fkhf |
|
| 46 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 47 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 48 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 49 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 50 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 51 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 52 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 53 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 54 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.1.19 |
| purl |
pkg:composer/silverstripe/framework@3.1.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 14 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 15 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 16 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 17 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 18 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 19 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 20 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 21 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 22 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 23 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 24 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 25 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 26 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 27 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 28 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 29 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 30 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 31 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 32 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 33 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 34 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 35 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 36 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 37 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 38 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 39 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 40 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 41 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 42 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 43 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 44 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 45 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 46 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 47 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 48 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 49 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 50 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 51 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.2.4-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.2.4-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mh2-7nc4-pqg2 |
|
| 1 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 2 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-edex-qc8j-xfhn |
|
| 27 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 28 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 29 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 30 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 31 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 32 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 33 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 34 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 35 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 36 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 37 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 38 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 39 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 40 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 41 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 42 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 43 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 44 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 45 |
| vulnerability |
VCID-qnsx-aa52-fkhf |
|
| 46 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 47 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 48 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 49 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 50 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 51 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 52 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 53 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.2.4 |
| purl |
pkg:composer/silverstripe/framework@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 14 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 15 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 16 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 17 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 18 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 19 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 20 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 21 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 22 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 23 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 24 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 25 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 26 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 27 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 28 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 29 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 30 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 31 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 32 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 33 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 34 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 35 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 36 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 37 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 38 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 39 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 40 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 41 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 42 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 43 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 44 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 45 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 46 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 47 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 49 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 50 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@3.3.2-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.3.2-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1mh2-7nc4-pqg2 |
|
| 1 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 2 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-edex-qc8j-xfhn |
|
| 27 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 28 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 29 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 30 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 31 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 32 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 33 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 34 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 35 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 36 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 37 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 38 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 39 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 40 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 41 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 42 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 43 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 44 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 45 |
| vulnerability |
VCID-qnsx-aa52-fkhf |
|
| 46 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 47 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 48 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 49 |
| vulnerability |
VCID-vtva-utdn-jkce |
|
| 50 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 51 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 52 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 53 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 54 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1 |
|
| 5 |
| url |
pkg:composer/silverstripe/framework@3.3.2 |
| purl |
pkg:composer/silverstripe/framework@3.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4fez-w6cm-rkf5 |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6yv4-xevb-v7b2 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8am6-aeny-ffej |
|
| 13 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 14 |
| vulnerability |
VCID-8zj1-kn8e-kbbn |
|
| 15 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 16 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 17 |
| vulnerability |
VCID-ade4-h51n-3bap |
|
| 18 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 19 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 20 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 21 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 22 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 23 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 24 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 25 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 26 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 27 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 28 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 29 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 30 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 31 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 32 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 33 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 34 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 35 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 36 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 37 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 38 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 39 |
| vulnerability |
VCID-nt4w-m7ak-4bbx |
|
| 40 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 41 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 42 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 43 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 44 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 45 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 46 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 47 |
| vulnerability |
VCID-vtva-utdn-jkce |
|
| 48 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 49 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 50 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 51 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 52 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2 |
|
|
| aliases |
SS-2016-004
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zgy5-8cgd-gqhm |
|
| 59 |
| url |
VCID-zr7a-tdxv-rqff |
| vulnerability_id |
VCID-zr7a-tdxv-rqff |
| summary |
Cross-Site Request Forgery (CSRF)
CSRF vulnerability in `GridFieldAddExistingAutocompleter`. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.17 |
| purl |
pkg:composer/silverstripe/framework@3.1.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 12 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 13 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 14 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 15 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 16 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 21 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 22 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 23 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 24 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 25 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 26 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 27 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 28 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 29 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 30 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 31 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 32 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 33 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 34 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 35 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 36 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 37 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 38 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 39 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 40 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 41 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 42 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 43 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 44 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 45 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 46 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 47 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 49 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 50 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 51 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.2.0-beta1 |
| purl |
pkg:composer/silverstripe/framework@3.2.0-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3pwx-7wzy-qbdw |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 14 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 15 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 16 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 17 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 18 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 19 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 20 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 21 |
| vulnerability |
VCID-dq8q-6agw-g3d5 |
|
| 22 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 23 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 24 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 25 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 26 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 27 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 28 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 29 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 30 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 31 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 32 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 33 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 34 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 35 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 36 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 37 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 38 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 39 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 40 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 41 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 42 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 43 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 44 |
| vulnerability |
VCID-ur9h-h6mw-fbdh |
|
| 45 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 46 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 47 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 49 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 50 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 51 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.3.0 |
| purl |
pkg:composer/silverstripe/framework@3.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 12 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 13 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 14 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 15 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 16 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 21 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 22 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 23 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 24 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 25 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 26 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 27 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 28 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 29 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 30 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 31 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 32 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 33 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 34 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 35 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 36 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 37 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 38 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 39 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 40 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 41 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 42 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 43 |
| vulnerability |
VCID-vtva-utdn-jkce |
|
| 44 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 45 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 46 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 47 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 48 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 49 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 50 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0 |
|
| 3 |
|
|
| aliases |
SS-2016-002-1
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zr7a-tdxv-rqff |
|
| 60 |
| url |
VCID-zr8u-z3r4-cbct |
| vulnerability_id |
VCID-zr8u-z3r4-cbct |
| summary |
Improper Authentication
'Missing security check on `dev/build/defaults`. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.17 |
| purl |
pkg:composer/silverstripe/framework@3.1.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 12 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 13 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 14 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 15 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 16 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 21 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 22 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 23 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 24 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 25 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 26 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 27 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 28 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 29 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 30 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 31 |
| vulnerability |
VCID-kqk7-mdnd-hfc7 |
|
| 32 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 33 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 34 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 35 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 36 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 37 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 38 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 39 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 40 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 41 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 42 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 43 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 44 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 45 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 46 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 47 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 49 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 50 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 51 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.17 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.2.0-beta1 |
| purl |
pkg:composer/silverstripe/framework@3.2.0-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3pwx-7wzy-qbdw |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 13 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 14 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 15 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 16 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 17 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 18 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 19 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 20 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 21 |
| vulnerability |
VCID-dq8q-6agw-g3d5 |
|
| 22 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 23 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 24 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 25 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 26 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 27 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 28 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 29 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 30 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 31 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 32 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 33 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 34 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 35 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 36 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 37 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 38 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 39 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 40 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 41 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 42 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 43 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 44 |
| vulnerability |
VCID-ur9h-h6mw-fbdh |
|
| 45 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 46 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 47 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 49 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 50 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 51 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.3.0 |
| purl |
pkg:composer/silverstripe/framework@3.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-6j2p-tzvx-9bdj |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-8wbx-bvm9-jqcv |
|
| 12 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 13 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 14 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 15 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 16 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-cg3k-vmk4-5kdb |
|
| 20 |
| vulnerability |
VCID-dgn7-zmwr-u3c6 |
|
| 21 |
| vulnerability |
VCID-dx5f-g875-5bct |
|
| 22 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 23 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 24 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 25 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 26 |
| vulnerability |
VCID-hgkh-tcdc-ufd5 |
|
| 27 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 28 |
| vulnerability |
VCID-k7bb-y315-4qb6 |
|
| 29 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 30 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 31 |
| vulnerability |
VCID-krjm-ygks-wyct |
|
| 32 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 33 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 34 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 35 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 36 |
| vulnerability |
VCID-p52e-s67u-eya7 |
|
| 37 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 38 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 39 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 40 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 41 |
| vulnerability |
VCID-tuwu-cznx-jqdb |
|
| 42 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 43 |
| vulnerability |
VCID-vtva-utdn-jkce |
|
| 44 |
| vulnerability |
VCID-wazt-hn99-qkdk |
|
| 45 |
| vulnerability |
VCID-wrnm-d19b-hqby |
|
| 46 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 47 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
| 48 |
| vulnerability |
VCID-z7fk-zbvh-quew |
|
| 49 |
| vulnerability |
VCID-zgy5-8cgd-gqhm |
|
| 50 |
| vulnerability |
VCID-zxmh-xcvd-53fe |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.0 |
|
| 3 |
|
|
| aliases |
SS-2015-028-1
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zr8u-z3r4-cbct |
|
| 61 |
| url |
VCID-zxmh-xcvd-53fe |
| vulnerability_id |
VCID-zxmh-xcvd-53fe |
| summary |
ReadOnly transformation for formfields exploitable
Form fields returning `isReadonly()` as true are vulnerable to reflected XSS injections. This includes `ReadonlyField`, `LookupField`, `HTMLReadonlyField`, as well as special purpose fields like `TimeField_Readonly`. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and does not overwrite data on form construction. Readonly and disabled form fields are already filtered out in `saveInto()`, so maliciously submitted data on these fields does not make it into the database unless you are accessing form values directly in your saving logic. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.1.21 |
| purl |
pkg:composer/silverstripe/framework@3.1.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 24 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 25 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 26 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 27 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-t17w-gcwe-eue4 |
|
| 31 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 32 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 33 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 34 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 35 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.2.6 |
| purl |
pkg:composer/silverstripe/framework@3.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 24 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 25 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 26 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 27 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 31 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 32 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 33 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 34 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.3.4 |
| purl |
pkg:composer/silverstripe/framework@3.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 24 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 25 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 26 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 27 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 31 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 32 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 33 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 34 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.4.2 |
| purl |
pkg:composer/silverstripe/framework@3.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 20 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 21 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 22 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 23 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 24 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 25 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 26 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 27 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 28 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 29 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 30 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 31 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 32 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 33 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 34 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 35 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 36 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 37 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 38 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2 |
|
|
| aliases |
SS-2016-010
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zxmh-xcvd-53fe |
|