| 0 |
| url |
VCID-2f9j-ek3x-kbc5 |
| vulnerability_id |
VCID-2f9j-ek3x-kbc5 |
| summary |
Silverstripe CMS XSS Vulnerability
In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-9311 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56934 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56823 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56917 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56939 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56914 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56966 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56969 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56977 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00343 |
| scoring_system |
epss |
| scoring_elements |
0.56957 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-9311 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.7.5 |
| purl |
pkg:composer/silverstripe/framework@3.7.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 11 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 12 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 13 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 14 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 15 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 16 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 17 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5 |
|
|
| aliases |
CVE-2020-9311, GHSA-2pw2-qpcp-m47x
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| url |
VCID-2rbk-47h6-d7d8 |
| vulnerability_id |
VCID-2rbk-47h6-d7d8 |
| summary |
Business Logic Errors in GitHub repository silverstripe/silverstripe-framework |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.10.1 |
| purl |
pkg:composer/silverstripe/framework@4.10.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 1 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 2 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 3 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 4 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 5 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 6 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 7 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 8 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 9 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 10 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 11 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 12 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 13 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 14 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 15 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 16 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 17 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 18 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 19 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 20 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.1 |
|
|
| aliases |
CVE-2022-0227, GHSA-32m2-9f76-4gv8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2rbk-47h6-d7d8 |
|
| 2 |
| url |
VCID-3ydp-barm-5ya1 |
| vulnerability_id |
VCID-3ydp-barm-5ya1 |
| summary |
silverstripe/framework has Cross-site Scripting vulnerability in page history comparison
Authenticated user with page edit permission can craft HTML, which when rendered in a page history comparison can execute client scripts. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.4.6 |
| purl |
pkg:composer/silverstripe/framework@3.4.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 22 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 23 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 24 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 25 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 26 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 27 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 28 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 29 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 30 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 31 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 32 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.6 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.5.4 |
| purl |
pkg:composer/silverstripe/framework@3.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 22 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.4 |
|
|
| aliases |
GHSA-c4c3-j73v-634r
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3ydp-barm-5ya1 |
|
| 3 |
| url |
VCID-414d-7bfm-kud7 |
| vulnerability_id |
VCID-414d-7bfm-kud7 |
| summary |
Incorrect Authorization
Default SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28661 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38047 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38062 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38086 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38123 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38105 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.37972 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38154 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38176 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38097 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-28661 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.5.2 |
| purl |
pkg:composer/silverstripe/framework@3.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 17 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 21 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 22 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 23 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 24 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 25 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 26 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 27 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 28 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 29 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 30 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 31 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 32 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 33 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 34 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 35 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 36 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 37 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 38 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 39 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2 |
|
|
| aliases |
CVE-2021-28661, GHSA-r7rh-g777-g5gx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-414d-7bfm-kud7 |
|
| 4 |
| url |
VCID-4f9c-aun4-wfep |
| vulnerability_id |
VCID-4f9c-aun4-wfep |
| summary |
Missing Authorization
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-22728 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.63885 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.63903 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.63936 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.63949 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.63937 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.63919 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.63869 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00457 |
| scoring_system |
epss |
| scoring_elements |
0.63911 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-22728 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-22728, GHSA-jh3w-6jp2-vqqm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9c-aun4-wfep |
|
| 5 |
| url |
VCID-4x32-t75c-u3bj |
| vulnerability_id |
VCID-4x32-t75c-u3bj |
| summary |
Silverstipe CMS Stored XSS in custom meta tags
A malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut.
This requires CMS access to exploit. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-37421 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55233 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55208 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55232 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.5521 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55259 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.5526 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55272 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55251 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-37421 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.11.3 |
| purl |
pkg:composer/silverstripe/framework@4.11.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 1 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 2 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 3 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 4 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 5 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 6 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 7 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 8 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 9 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 10 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 11 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 12 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 13 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 14 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 15 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 16 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.3 |
|
|
| aliases |
CVE-2022-37421, GHSA-pp74-g2q5-j4jf, GMS-2022-6855
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4x32-t75c-u3bj |
|
| 6 |
| url |
VCID-5pkg-j4wg-7fcn |
| vulnerability_id |
VCID-5pkg-j4wg-7fcn |
| summary |
Improper Input Validation
Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-32302, GHSA-36xx-7vf6-7mv3
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5pkg-j4wg-7fcn |
|
| 7 |
| url |
VCID-6du5-hdvd-fueb |
| vulnerability_id |
VCID-6du5-hdvd-fueb |
| summary |
Session fixation in change password form
SilverStripe through 4.3.3 allows session fixation in the "change password" form. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12203 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.16985 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.16838 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.16897 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.16943 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.16817 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.16969 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.16911 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.16823 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00054 |
| scoring_system |
epss |
| scoring_elements |
0.1704 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12203 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.6.8 |
| purl |
pkg:composer/silverstripe/framework@3.6.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 15 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 16 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 17 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 18 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 19 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 20 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 21 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 22 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 23 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 27 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 28 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.7.4 |
| purl |
pkg:composer/silverstripe/framework@3.7.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 15 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 16 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 17 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 18 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 19 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 20 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 21 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 22 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 23 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 24 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 25 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 26 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 27 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 24 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 25 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 26 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 27 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 28 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-xw77-b18v-8kc4 |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12203, GHSA-w7r7-r8r9-vrg2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6du5-hdvd-fueb |
|
| 8 |
| url |
VCID-6epx-c68d-d7bv |
| vulnerability_id |
VCID-6epx-c68d-d7bv |
| summary |
Silverstripe Framework has a XSS in form messages
In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message.
Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability.
### References
- https://www.silverstripe.org/download/security-releases/cve-2024-53277
## Reported by
Leo Diamat from [Bastion Security Group](http://www.bastionsecurity.co.nz/) |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-53277 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01074 |
| scoring_system |
epss |
| scoring_elements |
0.77739 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.01074 |
| scoring_system |
epss |
| scoring_elements |
0.77755 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.01074 |
| scoring_system |
epss |
| scoring_elements |
0.7775 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.01074 |
| scoring_system |
epss |
| scoring_elements |
0.77722 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01074 |
| scoring_system |
epss |
| scoring_elements |
0.77712 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.01074 |
| scoring_system |
epss |
| scoring_elements |
0.77765 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.01074 |
| scoring_system |
epss |
| scoring_elements |
0.77781 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-53277 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-53277, GHSA-ff6q-3c9c-6cf5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6epx-c68d-d7bv |
|
| 9 |
| url |
VCID-7dk3-gcup-2kc9 |
| vulnerability_id |
VCID-7dk3-gcup-2kc9 |
| summary |
SilverStripe XXE Vulnerability in CSSContentParser
SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. (The correct CVE ID year is 2020 [CVE-2020-25817, not CVE-2021-25817]). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25817 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57361 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57362 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57391 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57409 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.5743 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57415 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.5728 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57385 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57413 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-25817 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.6.0 |
| purl |
pkg:composer/silverstripe/framework@4.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 6 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 7 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 8 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 9 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 10 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 11 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 12 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 13 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 14 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 15 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 16 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 17 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 18 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 19 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 20 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 21 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 22 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.7.4 |
| purl |
pkg:composer/silverstripe/framework@4.7.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 6 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 7 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 8 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 9 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 10 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 11 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 12 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 13 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 14 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 15 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 16 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 17 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 18 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 19 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 20 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 21 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 22 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4 |
|
|
| aliases |
CVE-2020-25817, GHSA-3vjc-5x79-m9r8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7dk3-gcup-2kc9 |
|
| 10 |
| url |
VCID-86yd-4mkt-hydr |
| vulnerability_id |
VCID-86yd-4mkt-hydr |
| summary |
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
### Impact
If a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user.
**Base CVSS:** [4.3](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C&version=3.1)
**Reported by:** Nick K - LittleMonkey, [littlemonkey.co.nz](http://littlemonkey.co.nz/)
### References
- https://www.silverstripe.org/download/security-releases/CVE-2023-48714 |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-48714 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45378 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45371 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45369 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.454 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45359 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45379 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45323 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-48714 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-48714, GHSA-qm2j-qvq3-j29v
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-86yd-4mkt-hydr |
|
| 11 |
| url |
VCID-a3yc-fxa1-gfhy |
| vulnerability_id |
VCID-a3yc-fxa1-gfhy |
| summary |
Silverstripe Framework has a XSS vulnerability in HTML editor
### Impact
A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.
The server-side sanitisation logic has been updated to sanitise against this attack.
### Reported by
James Nicoll from Fujitsu Cyber
### References
- https://www.silverstripe.org/download/security-releases/cve-2025-30148 |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-30148 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37948 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37914 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37901 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37851 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37974 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37868 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37893 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37929 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-30148 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-30148, GHSA-rhx4-hvx9-j387
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a3yc-fxa1-gfhy |
|
| 12 |
| url |
VCID-ab5z-bqka-xudb |
| vulnerability_id |
VCID-ab5z-bqka-xudb |
| summary |
Injection Vulnerability
In the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-18049 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43713 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43675 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43731 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43755 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43689 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43739 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43743 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43762 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.4373 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-18049 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.5.6-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.5.6-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 12 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 13 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 14 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 15 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 16 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 17 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 18 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 19 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 20 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 21 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 22 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 23 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 24 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 25 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 26 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 27 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 28 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 29 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 30 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 31 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 32 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 33 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.5.6 |
| purl |
pkg:composer/silverstripe/framework@3.5.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 15 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 16 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 17 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 18 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 19 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 20 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 21 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 22 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 23 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 24 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 25 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 26 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 27 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 28 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.6.3-rc2 |
| purl |
pkg:composer/silverstripe/framework@3.6.3-rc2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 12 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 13 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 14 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 15 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 16 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 17 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 18 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 19 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 20 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 21 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 22 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 23 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 24 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 25 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 26 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 27 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 31 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 32 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 33 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 34 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.6.3 |
| purl |
pkg:composer/silverstripe/framework@3.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 15 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 16 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 17 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 18 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 19 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 24 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 25 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 26 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 27 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 28 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 29 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 30 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nes-cr3m-j3dv |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-6xwk-ee7f-5ubd |
|
| 8 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c75p-3hdz-q3b6 |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 18 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 19 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 20 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 21 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 22 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 23 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 24 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 25 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 26 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 27 |
| vulnerability |
VCID-jx5m-bqc6-h3bv |
|
| 28 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 29 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 30 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 31 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 32 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 33 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 34 |
| vulnerability |
VCID-kxyq-vg6e-6uac |
|
| 35 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 36 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 37 |
| vulnerability |
VCID-p554-wkxw-gfdh |
|
| 38 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 39 |
| vulnerability |
VCID-qak9-2t7g-w3fv |
|
| 40 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 41 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 42 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 43 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 44 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 45 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 46 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 47 |
| vulnerability |
VCID-xnb4-zjws-vuhu |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1 |
|
| 5 |
| url |
pkg:composer/silverstripe/framework@4.0.1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nes-cr3m-j3dv |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-c75p-3hdz-q3b6 |
|
| 14 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 15 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 16 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 17 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 22 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 23 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 24 |
| vulnerability |
VCID-jx5m-bqc6-h3bv |
|
| 25 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 26 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 27 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 28 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 29 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 30 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 31 |
| vulnerability |
VCID-kxyq-vg6e-6uac |
|
| 32 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 33 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 34 |
| vulnerability |
VCID-p554-wkxw-gfdh |
|
| 35 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 36 |
| vulnerability |
VCID-qak9-2t7g-w3fv |
|
| 37 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 38 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 39 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 40 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 41 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 42 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 43 |
| vulnerability |
VCID-xnb4-zjws-vuhu |
|
| 44 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1 |
|
|
| aliases |
CVE-2017-18049, GHSA-2jvj-mhf2-g99w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ab5z-bqka-xudb |
|
| 13 |
| url |
VCID-ajga-3b99-yugh |
| vulnerability_id |
VCID-ajga-3b99-yugh |
| summary |
Authentication bypass in SilverStripe GraphQL
The GraphQL module accepts basic-auth as an authentication method by default. This can be used to bypass MFA authentication if the silverstripe/mfa module is installed, which is now a commonly installed module. A users password is still required though.
Basic-auth has been removed as a default authentication method. If desired, it can be re-enabled by adding it to the authenticators key of a schema, or on SilverStripe\Graphql\Auth\Handler |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-26136 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44182 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44176 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44208 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44193 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44188 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44118 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44137 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00216 |
| scoring_system |
epss |
| scoring_elements |
0.44206 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-26136 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.6.0 |
| purl |
pkg:composer/silverstripe/framework@4.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 6 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 7 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 8 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 9 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 10 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 11 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 12 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 13 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 14 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 15 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 16 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 17 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 18 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 19 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 20 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 21 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 22 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0 |
|
|
| aliases |
CVE-2020-26136, GHSA-mg2g-8pwj-r2j2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ajga-3b99-yugh |
|
| 14 |
| url |
VCID-axxx-gpfn-mqc9 |
| vulnerability_id |
VCID-axxx-gpfn-mqc9 |
| summary |
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message
> [!IMPORTANT]
> This vulnerability only affects sites which are in the "dev" environment mode. If your production website is in "dev" mode, it has been misconfigured, and you should immediately swap it to "live" mode.
> See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.
If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.
## References
- https://www.silverstripe.org/download/security-releases/ss-2024-002
## Reported by
Gaurav Nayak from [Chaleit](https://chaleit.com/) |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-mqf3-qpc3-g26q
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-axxx-gpfn-mqc9 |
|
| 15 |
| url |
VCID-bdcq-z11u-zyh5 |
| vulnerability_id |
VCID-bdcq-z11u-zyh5 |
| summary |
Lack of access control on upoaded files
SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12245 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48744 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48814 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48806 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48832 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48815 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48818 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48763 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48809 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00255 |
| scoring_system |
epss |
| scoring_elements |
0.48783 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12245 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.6.8 |
| purl |
pkg:composer/silverstripe/framework@3.6.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 15 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 16 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 17 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 18 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 19 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 20 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 21 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 22 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 23 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 27 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 28 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.7.4 |
| purl |
pkg:composer/silverstripe/framework@3.7.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 15 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 16 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 17 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 18 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 19 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 20 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 21 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 22 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 23 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 24 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 25 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 26 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 27 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 24 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 25 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 26 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 27 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 28 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 3 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-xw77-b18v-8kc4 |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12245, GHSA-jvx5-rm6q-gx7p
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bdcq-z11u-zyh5 |
|
| 16 |
| url |
VCID-bmqt-5ybj-kuf6 |
| vulnerability_id |
VCID-bmqt-5ybj-kuf6 |
| summary |
silverstripe/framework has Cross-site Scripting vulnerability in page name
silverstripe/framework is vulnerable to XSS in Page name where the payload `"><svg/onload=alert(/xss/)>` will trigger an XSS alert. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.4.4 |
| purl |
pkg:composer/silverstripe/framework@3.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 17 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 21 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 22 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 26 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 27 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 28 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 29 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 30 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 31 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 32 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 33 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.5.2 |
| purl |
pkg:composer/silverstripe/framework@3.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 17 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 21 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 22 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 23 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 24 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 25 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 26 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 27 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 28 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 29 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 30 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 31 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 32 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 33 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 34 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 35 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 36 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 37 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 38 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 39 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2 |
|
|
| aliases |
GHSA-hhvj-mcrx-3vcf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bmqt-5ybj-kuf6 |
|
| 17 |
| url |
VCID-c3vp-kc9a-vkhn |
| vulnerability_id |
VCID-c3vp-kc9a-vkhn |
| summary |
Cross-site Scripting
SilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-14498 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59159 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59154 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59047 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59173 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.5919 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.5912 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59143 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59108 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00375 |
| scoring_system |
epss |
| scoring_elements |
0.59172 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-14498 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2017-14498 |
| reference_id |
CVE-2017-14498 |
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:N/I:P/A:N |
|
| 1 |
| value |
6.1 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 2 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2017-14498 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.6.1-alpha2 |
| purl |
pkg:composer/silverstripe/framework@3.6.1-alpha2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 16 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 17 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 18 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 22 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 25 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 26 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 27 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 28 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 29 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.6.1 |
| purl |
pkg:composer/silverstripe/framework@3.6.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 16 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 17 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 18 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 22 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 25 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 26 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 27 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 28 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 29 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1 |
|
|
| aliases |
CVE-2017-14498, GHSA-j696-6m57-mcrv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c3vp-kc9a-vkhn |
|
| 18 |
| url |
VCID-cdgj-bdpy-ukak |
| vulnerability_id |
VCID-cdgj-bdpy-ukak |
| summary |
Cross-Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12437 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42063 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42112 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42138 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42175 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42153 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42142 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42091 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42152 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42124 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12437 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 24 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 25 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 26 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 27 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 28 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
|
| aliases |
CVE-2019-12437, GHSA-fx37-56v6-85q6
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cdgj-bdpy-ukak |
|
| 19 |
| url |
VCID-cg3k-vmk4-5kdb |
| vulnerability_id |
VCID-cg3k-vmk4-5kdb |
| summary |
silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL
In follow up to [SS-2016-001](https://www.silverstripe.org/download/security-releases/ss-2016-001/) there is yet a minor unresolved fix to incorrectly encoded URL. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.4.2 |
| purl |
pkg:composer/silverstripe/framework@3.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 20 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 21 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 22 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 23 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 24 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 25 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 26 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 27 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 28 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 29 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 30 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 31 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 32 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 33 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 34 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 35 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 36 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 37 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 38 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2 |
|
|
| aliases |
GHSA-r85g-7jpv-8xrx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cg3k-vmk4-5kdb |
|
| 20 |
| url |
VCID-eddc-w9wx-c3gq |
| vulnerability_id |
VCID-eddc-w9wx-c3gq |
| summary |
Broken access control on files
In SilverStripe assets 4.0, there is broken access control on files. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14273 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56436 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56462 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56481 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56506 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56495 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.5649 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.5644 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56458 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00336 |
| scoring_system |
epss |
| scoring_elements |
0.56338 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14273 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nes-cr3m-j3dv |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-6xwk-ee7f-5ubd |
|
| 8 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c75p-3hdz-q3b6 |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 18 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 19 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 20 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 21 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 22 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 23 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 24 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 25 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 26 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 27 |
| vulnerability |
VCID-jx5m-bqc6-h3bv |
|
| 28 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 29 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 30 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 31 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 32 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 33 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 34 |
| vulnerability |
VCID-kxyq-vg6e-6uac |
|
| 35 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 36 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 37 |
| vulnerability |
VCID-p554-wkxw-gfdh |
|
| 38 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 39 |
| vulnerability |
VCID-qak9-2t7g-w3fv |
|
| 40 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 41 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 42 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 43 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 44 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 45 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 46 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 47 |
| vulnerability |
VCID-xnb4-zjws-vuhu |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.0.1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nes-cr3m-j3dv |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-c75p-3hdz-q3b6 |
|
| 14 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 15 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 16 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 17 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 22 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 23 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 24 |
| vulnerability |
VCID-jx5m-bqc6-h3bv |
|
| 25 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 26 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 27 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 28 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 29 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 30 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 31 |
| vulnerability |
VCID-kxyq-vg6e-6uac |
|
| 32 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 33 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 34 |
| vulnerability |
VCID-p554-wkxw-gfdh |
|
| 35 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 36 |
| vulnerability |
VCID-qak9-2t7g-w3fv |
|
| 37 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 38 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 39 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 40 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 41 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 42 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 43 |
| vulnerability |
VCID-xnb4-zjws-vuhu |
|
| 44 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-xw77-b18v-8kc4 |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-14273, GHSA-43jj-2rwc-2m3f
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eddc-w9wx-c3gq |
|
| 21 |
| url |
VCID-enkd-4y44-4ueq |
| vulnerability_id |
VCID-enkd-4y44-4ueq |
| summary |
FormField with square brackets in field name skips validation
FileField with array notation skips validation
The FileField class is commonly used for file upload in custom code on a Silverstripe website. This field is designed to be used with a single file upload.
PHP allows for submitting multiple values by adding square brackets to the field name. When this is done to a FileField, it will be coerced into allowing multiple files by using this notation. This is not a supported feature, though nothing is done to prevent this.
In this scenario, validation such as limiting allowed extensions is not applied, and the FileField->saveInto() behaviour is not triggered. If custom controller logic is used to process the file uploads, it might implicitly rely on validation to be provided by the Form system, which is not the case. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-26138 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52598 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52539 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52566 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52532 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52584 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52578 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52629 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52612 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00292 |
| scoring_system |
epss |
| scoring_elements |
0.52493 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-26138 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.6.0 |
| purl |
pkg:composer/silverstripe/framework@4.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 6 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 7 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 8 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 9 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 10 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 11 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 12 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 13 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 14 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 15 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 16 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 17 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 18 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 19 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 20 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 21 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 22 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.7.4 |
| purl |
pkg:composer/silverstripe/framework@4.7.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 6 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 7 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 8 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 9 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 10 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 11 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 12 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 13 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 14 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 15 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 16 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 17 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 18 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 19 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 20 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 21 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 22 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4 |
|
|
| aliases |
CVE-2020-26138, GHSA-7mv4-4xpg-xq44
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-enkd-4y44-4ueq |
|
| 22 |
| url |
VCID-ete7-tupf-63c9 |
| vulnerability_id |
VCID-ete7-tupf-63c9 |
| summary |
silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage
RedirectorPage will allow users to specify a non-url malicious script as the redirection path without validation. Users which follow this url may allow this script to execute within their browser. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.4.6 |
| purl |
pkg:composer/silverstripe/framework@3.4.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 22 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 23 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 24 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 25 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 26 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 27 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 28 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 29 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 30 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 31 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 32 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.6 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.5.4 |
| purl |
pkg:composer/silverstripe/framework@3.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 22 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.4 |
|
|
| aliases |
GHSA-pp7q-6j3f-74vj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ete7-tupf-63c9 |
|
| 23 |
| url |
VCID-fpb7-5pwu-tyg5 |
| vulnerability_id |
VCID-fpb7-5pwu-tyg5 |
| summary |
SilverStripe Priviledge escalation through cache pollution
In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12617 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.5359 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.53674 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.53708 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.53659 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.53661 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.5361 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.53642 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.53614 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00304 |
| scoring_system |
epss |
| scoring_elements |
0.53691 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12617 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 24 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 25 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 26 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 27 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 28 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-xw77-b18v-8kc4 |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12617, GHSA-6r58-4xgr-gm6m
|
| risk_score |
1.8 |
| exploitability |
0.5 |
| weighted_severity |
3.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fpb7-5pwu-tyg5 |
|
| 24 |
| url |
VCID-fyxa-vzeq-ubeq |
| vulnerability_id |
VCID-fyxa-vzeq-ubeq |
| summary |
SilverStripe Web Cache Poisoning through HTTPRequestBuilder
SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19326 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43357 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43362 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43377 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43409 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43389 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43374 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43322 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.43384 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00209 |
| scoring_system |
epss |
| scoring_elements |
0.433 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-19326 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.7.5 |
| purl |
pkg:composer/silverstripe/framework@3.7.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 11 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 12 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 13 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 14 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 15 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 16 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 17 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.4.7 |
| purl |
pkg:composer/silverstripe/framework@4.4.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 13 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 14 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 15 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 16 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 17 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 18 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 19 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 20 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 21 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 22 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 23 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 24 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 25 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 26 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.5.4 |
| purl |
pkg:composer/silverstripe/framework@4.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 13 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 14 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 15 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 16 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 17 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 18 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 19 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 20 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 21 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 22 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 23 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 24 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 25 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4 |
|
|
| aliases |
CVE-2019-19326, GHSA-q9ff-3q93-fm8m
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fyxa-vzeq-ubeq |
|
| 25 |
| url |
VCID-j6ze-f76y-cqgy |
| vulnerability_id |
VCID-j6ze-f76y-cqgy |
| summary |
Cross-site Scripting
There is an XSS in SilverStripe CMS. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5197 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49955 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49941 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49943 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49972 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49953 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.4996 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49891 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49928 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00265 |
| scoring_system |
epss |
| scoring_elements |
0.49905 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5197 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.4.4-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.4.4-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 20 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 21 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 22 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 23 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 24 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 25 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 35 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.4.4 |
| purl |
pkg:composer/silverstripe/framework@3.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 17 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 21 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 22 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 26 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 27 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 28 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 29 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 30 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 31 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 32 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 33 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.5.2-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.5.2-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 13 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 14 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 15 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 16 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 17 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 18 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 19 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 20 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 21 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 22 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 23 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 24 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 25 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 26 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 27 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 28 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 29 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 30 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 31 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 32 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 33 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 34 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 35 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 36 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 37 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 38 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 39 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 40 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 41 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.5.2 |
| purl |
pkg:composer/silverstripe/framework@3.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 17 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 18 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 19 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 20 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 21 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 22 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 23 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 24 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 25 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 26 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 27 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 28 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 29 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 30 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 31 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 32 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 33 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 34 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 35 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 36 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 37 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 38 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 39 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2 |
|
|
| aliases |
CVE-2017-5197, GHSA-xmjh-wjc5-wg4h
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j6ze-f76y-cqgy |
|
| 26 |
| url |
VCID-kak1-btjp-kqgz |
| vulnerability_id |
VCID-kak1-btjp-kqgz |
| summary |
Silverstripe uses TinyMCE which allows svg files linked in object tags
### Impact
TinyMCE v6 has a configuration value `convert_unsafe_embeds` set to `false` which allows svg files containing javascript to be used in `<object>` or `<embed>` tags, which can be used as a vector for XSS attacks.
Note that `<embed>` tags are not allowed by default.
After patching the default value of `convert_unsafe_embeds` will be set to `true`. This means that `<object>` tags will be converted to iframes instead the next time the page is saved, which may break any pages that rely upon previously saved `<object>` tags. Developers can override this configuration if desired to revert to the original behaviour.
We reviewed the potential impact of this vulnerability within the context of Silverstripe CMS. We concluded this is a medium impact vulnerability given how TinyMCE is used by Silverstripe CMS.
### References:
- https://www.silverstripe.org/download/security-releases/ss-2024-001
- https://github.com/advisories/GHSA-5359-pvf2-pw78 |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-52cw-pvq9-9m5v
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kak1-btjp-kqgz |
|
| 27 |
| url |
VCID-kdyk-rrrr-pufw |
| vulnerability_id |
VCID-kdyk-rrrr-pufw |
| summary |
Information Exposure
Response discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12849 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45872 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45873 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45866 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45896 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45785 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45874 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45878 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.4585 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.0023 |
| scoring_system |
epss |
| scoring_elements |
0.45822 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12849 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2017-12849 |
| reference_id |
CVE-2017-12849 |
| reference_type |
|
| scores |
| 0 |
| value |
5.0 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:P/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2017-12849 |
|
| 5 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.5.5-beta1 |
| purl |
pkg:composer/silverstripe/framework@3.5.5-beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 16 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 17 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 18 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 19 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 20 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 21 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 24 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 25 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 26 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 27 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 31 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 32 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 33 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 34 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.5.5 |
| purl |
pkg:composer/silverstripe/framework@3.5.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 16 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 17 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 18 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 19 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 20 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 21 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 22 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 23 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 24 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 25 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 26 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 27 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 31 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 32 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 33 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 34 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@3.6.1-alpha2 |
| purl |
pkg:composer/silverstripe/framework@3.6.1-alpha2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 16 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 17 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 18 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 22 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 25 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 26 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 27 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 28 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 29 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@3.6.1 |
| purl |
pkg:composer/silverstripe/framework@3.6.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 16 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 17 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 18 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 22 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 25 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 26 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 27 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 28 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 29 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1 |
|
|
| aliases |
CVE-2017-12849, GHSA-fwhr-g5r4-xgxf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kdyk-rrrr-pufw |
|
| 28 |
| url |
VCID-krjm-ygks-wyct |
| vulnerability_id |
VCID-krjm-ygks-wyct |
| summary |
silverstripe/framework ReadOnly transformation for formfields exploitable
Form fields returning isReadonly() as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeField_Readonly. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default.
SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and doesn't overwrite data on form construction.
Readonly and disabled form fields are already filtered out in Form->saveInto(), so maliciously submitted data on these fields doesn't make it into the database unless you are accessing form values directly in your saving logic. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.4.2 |
| purl |
pkg:composer/silverstripe/framework@3.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 20 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 21 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 22 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 23 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 24 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 25 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 26 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 27 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 28 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 29 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 30 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 31 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 32 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 33 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 34 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 35 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 36 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 37 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 38 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2 |
|
|
| aliases |
GHSA-97jm-g33h-f46g
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-krjm-ygks-wyct |
|
| 29 |
| url |
VCID-kvhv-9fj5-7kgk |
| vulnerability_id |
VCID-kvhv-9fj5-7kgk |
| summary |
Silverstripe Framework has a XSS via insert media remote file oembed
### Impact
When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website.
## References
- https://www.silverstripe.org/download/security-releases/cve-2024-47605
## Reported by
James Nicoll from [Fujitsu Cyber Security Services](https://www.fujitsu.com/nz/services/security/) |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-47605 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0398 |
| scoring_system |
epss |
| scoring_elements |
0.88367 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.0398 |
| scoring_system |
epss |
| scoring_elements |
0.884 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.0398 |
| scoring_system |
epss |
| scoring_elements |
0.88408 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.0398 |
| scoring_system |
epss |
| scoring_elements |
0.88397 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.0398 |
| scoring_system |
epss |
| scoring_elements |
0.88391 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0398 |
| scoring_system |
epss |
| scoring_elements |
0.88372 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0398 |
| scoring_system |
epss |
| scoring_elements |
0.88353 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-47605 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-47605, GHSA-7cmp-cgg8-4c82
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kvhv-9fj5-7kgk |
|
| 30 |
| url |
VCID-kw9p-5fbc-hudg |
| vulnerability_id |
VCID-kw9p-5fbc-hudg |
| summary |
Reflected Cross Site Scripting (XSS) in error message
If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message. |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-74j9-xhqr-6qv3
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kw9p-5fbc-hudg |
|
| 31 |
| url |
VCID-kxa8-dmva-ayff |
| vulnerability_id |
VCID-kxa8-dmva-ayff |
| summary |
Quadratic blowup in Convert::xml2array()
Silverstripe silverstripe/framework 4.x until 4.10.9 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-41559 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57282 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57393 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57411 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57432 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57417 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57414 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57363 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57387 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00348 |
| scoring_system |
epss |
| scoring_elements |
0.57364 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-41559 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.10.9 |
| purl |
pkg:composer/silverstripe/framework@4.10.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 1 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 2 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 3 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 4 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 5 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 6 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 7 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 8 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 9 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 10 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 11 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 12 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 13 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 14 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 15 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 16 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 17 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.9 |
|
| 1 |
|
|
| aliases |
CVE-2021-41559, GHSA-9fmg-89fx-r33w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kxa8-dmva-ayff |
|
| 32 |
| url |
VCID-p2kq-rkh6-ayeu |
| vulnerability_id |
VCID-p2kq-rkh6-ayeu |
| summary |
SilverStripe allowss Reflected SQL Injection through Form and `DataObject`. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-5715 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55286 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.5516 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.5526 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55283 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55264 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55315 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55316 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55327 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55305 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-5715 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2019-5715 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:P/I:P/A:P |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2019-5715 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.6.7 |
| purl |
pkg:composer/silverstripe/framework@3.6.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 15 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 16 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 17 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 18 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 19 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 20 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 21 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 22 |
| vulnerability |
VCID-pffp-vtk7-pqby |
|
| 23 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 27 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 28 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.7.3 |
| purl |
pkg:composer/silverstripe/framework@3.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 15 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 16 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 17 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 18 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 19 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 20 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 21 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 22 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 23 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 24 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 25 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 26 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 27 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.0.7 |
| purl |
pkg:composer/silverstripe/framework@4.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 5 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 6 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 7 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 8 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 9 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 10 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 11 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 12 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 13 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 14 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 15 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 16 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 17 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 18 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 19 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 20 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 21 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 22 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 23 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 24 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 25 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 26 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 27 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 28 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 29 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 30 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 31 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 32 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 33 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 34 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 35 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.1.5 |
| purl |
pkg:composer/silverstripe/framework@4.1.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-658d-vmwt-f7e8 |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 15 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 16 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 17 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 18 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 19 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 24 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 25 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 26 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 27 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 28 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 29 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 30 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 34 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 35 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.2.4 |
| purl |
pkg:composer/silverstripe/framework@4.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-658d-vmwt-f7e8 |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 15 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 16 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 17 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 18 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 19 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 24 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 25 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 26 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 27 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 28 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 29 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 30 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 34 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 35 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4 |
|
| 5 |
| url |
pkg:composer/silverstripe/framework@4.3.1 |
| purl |
pkg:composer/silverstripe/framework@4.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-658d-vmwt-f7e8 |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 14 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 15 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 16 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 17 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 18 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 19 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 22 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 23 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 24 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 25 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 26 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 27 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 28 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 29 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 30 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 34 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 35 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1 |
|
|
| aliases |
CVE-2019-5715, GHSA-wvfw-w3x6-g526
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p2kq-rkh6-ayeu |
|
| 33 |
| url |
VCID-pq29-qe7h-tkcp |
| vulnerability_id |
VCID-pq29-qe7h-tkcp |
| summary |
Silverstripe Flash Clipboard Reflected XSS
SilverStripe versions 3.0.0 until 4.3.5 and 4.4.4 are vulnerable to Flash Clipboard Reflected XSS. Versions 4.3.5 and 4.4.4 of `silverstripe/framework` and version 1.3.5 of `silverstripe/admin` contain a fix for this issue. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12205 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59302 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59338 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59228 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59356 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59373 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59353 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59341 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.5929 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00378 |
| scoring_system |
epss |
| scoring_elements |
0.59325 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12205 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 24 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 25 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 26 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 27 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 28 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-xw77-b18v-8kc4 |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12205, GHSA-rfvw-5848-gxc5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pq29-qe7h-tkcp |
|
| 34 |
| url |
VCID-qm38-1cwk-b3hq |
| vulnerability_id |
VCID-qm38-1cwk-b3hq |
| summary |
URL Redirection to Untrusted Site ('Open Redirect')
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-22729 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49576 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49621 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49609 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49554 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49603 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49593 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00262 |
| scoring_system |
epss |
| scoring_elements |
0.49592 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-22729 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-22729, GHSA-fw84-xgm8-9jmv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qm38-1cwk-b3hq |
|
| 35 |
| url |
VCID-tc2y-zrea-vyb2 |
| vulnerability_id |
VCID-tc2y-zrea-vyb2 |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
SilverStripe Framework suffers from a XSS vulnerablity. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36150 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.5896 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58857 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58932 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58954 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.5892 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58972 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58978 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58997 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00372 |
| scoring_system |
epss |
| scoring_elements |
0.58979 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36150 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.9.0-alpha1 |
| purl |
pkg:composer/silverstripe/framework@4.9.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 6 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 7 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 8 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 9 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 10 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 11 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 12 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 13 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 14 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 15 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 16 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 17 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 18 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 19 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 20 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 21 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0-alpha1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.9.0 |
| purl |
pkg:composer/silverstripe/framework@4.9.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 6 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 7 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 8 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 9 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 10 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 11 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 12 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 13 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 14 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 15 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 16 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 17 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 18 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 19 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 20 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 21 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0 |
|
|
| aliases |
CVE-2021-36150, GHSA-j66h-cc96-c32q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tc2y-zrea-vyb2 |
|
| 36 |
| url |
VCID-tm1s-2m92-uyh9 |
| vulnerability_id |
VCID-tm1s-2m92-uyh9 |
| summary |
SilverStripe asset-admin Cross-site Scripting (XSS)
In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14272 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57275 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57342 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57327 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57325 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57274 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57194 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57298 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57301 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00347 |
| scoring_system |
epss |
| scoring_elements |
0.57322 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14272 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nes-cr3m-j3dv |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-6xwk-ee7f-5ubd |
|
| 8 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c75p-3hdz-q3b6 |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 18 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 19 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 20 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 21 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 22 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 23 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 24 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 25 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 26 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 27 |
| vulnerability |
VCID-jx5m-bqc6-h3bv |
|
| 28 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 29 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 30 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 31 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 32 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 33 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 34 |
| vulnerability |
VCID-kxyq-vg6e-6uac |
|
| 35 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 36 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 37 |
| vulnerability |
VCID-p554-wkxw-gfdh |
|
| 38 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 39 |
| vulnerability |
VCID-qak9-2t7g-w3fv |
|
| 40 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 41 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 42 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 43 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 44 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 45 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 46 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 47 |
| vulnerability |
VCID-xnb4-zjws-vuhu |
|
| 48 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.0.1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nes-cr3m-j3dv |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 8 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 9 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 10 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 11 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 12 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 13 |
| vulnerability |
VCID-c75p-3hdz-q3b6 |
|
| 14 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 15 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 16 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 17 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-ff5q-59gf-nugg |
|
| 20 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 21 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 22 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 23 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 24 |
| vulnerability |
VCID-jx5m-bqc6-h3bv |
|
| 25 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 26 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 27 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 28 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 29 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 30 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 31 |
| vulnerability |
VCID-kxyq-vg6e-6uac |
|
| 32 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 33 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 34 |
| vulnerability |
VCID-p554-wkxw-gfdh |
|
| 35 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 36 |
| vulnerability |
VCID-qak9-2t7g-w3fv |
|
| 37 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 38 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 39 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 40 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 41 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 42 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 43 |
| vulnerability |
VCID-xnb4-zjws-vuhu |
|
| 44 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 24 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 25 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 26 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 27 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 28 |
| vulnerability |
VCID-xw77-b18v-8kc4 |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-14272, GHSA-jgw2-f5mx-rg7h
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tm1s-2m92-uyh9 |
|
| 37 |
| url |
VCID-tzmx-hfk2-7ufr |
| vulnerability_id |
VCID-tzmx-hfk2-7ufr |
| summary |
silverstripe/framework member disclosure in login form
There is a user ID enumeration vulnerability in our brute force error messages.
- Users that don't exist in will never get a locked out message
- Users that do exist, will get a locked out message
This means an attacker can infer or confirm user details that exist in the member table.
This issue has been resolved by ensuring that login attempt logging and lockout process works equivalently for non-existent users as it does for existant users. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.4.6 |
| purl |
pkg:composer/silverstripe/framework@3.4.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 3 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 4 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 5 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 6 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 7 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 22 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 23 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 24 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 25 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 26 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 27 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 28 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 29 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 30 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 31 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 32 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.6 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.5.4 |
| purl |
pkg:composer/silverstripe/framework@3.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 3 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 4 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 5 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 6 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 7 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 8 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 9 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 10 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 11 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 12 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 13 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 14 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 15 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 16 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 17 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 18 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 19 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 20 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 21 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 22 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 23 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 24 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 25 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 35 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.4 |
|
|
| aliases |
GHSA-g84q-cq55-xwgp
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tzmx-hfk2-7ufr |
|
| 38 |
| url |
VCID-u49v-31sv-eqc3 |
| vulnerability_id |
VCID-u49v-31sv-eqc3 |
| summary |
SilverStripe Denial of Service on flush and development URL tools
SilverStripe before 4.4.0 allows a Denial of Service on flush and development URL tools. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12246 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00156 |
| scoring_system |
epss |
| scoring_elements |
0.36415 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00156 |
| scoring_system |
epss |
| scoring_elements |
0.36359 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00156 |
| scoring_system |
epss |
| scoring_elements |
0.36352 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.00156 |
| scoring_system |
epss |
| scoring_elements |
0.36331 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00156 |
| scoring_system |
epss |
| scoring_elements |
0.36283 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00156 |
| scoring_system |
epss |
| scoring_elements |
0.36448 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00156 |
| scoring_system |
epss |
| scoring_elements |
0.36225 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00156 |
| scoring_system |
epss |
| scoring_elements |
0.36301 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00156 |
| scoring_system |
epss |
| scoring_elements |
0.36322 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-12246 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 5 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 6 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 7 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 8 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 9 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 10 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 11 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 12 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 13 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 14 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 15 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 16 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 17 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 18 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 19 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 20 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 21 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 22 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 23 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 24 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 25 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 26 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 27 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 28 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 29 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.4.0 |
| purl |
pkg:composer/silverstripe/framework@4.4.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 1 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 2 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 3 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 4 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 5 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 6 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 7 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 8 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 9 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 10 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 11 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 12 |
| vulnerability |
VCID-cfgg-fgjt-z3hn |
|
| 13 |
| vulnerability |
VCID-d5q3-jrdb-euav |
|
| 14 |
| vulnerability |
VCID-dc9y-v257-6bhf |
|
| 15 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 16 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 17 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 18 |
| vulnerability |
VCID-ftdr-uzuh-8ybc |
|
| 19 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 20 |
| vulnerability |
VCID-gme6-wj87-ekfw |
|
| 21 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 22 |
| vulnerability |
VCID-kd3t-2gzd-q3hq |
|
| 23 |
| vulnerability |
VCID-kgm4-g26x-gken |
|
| 24 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 25 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 26 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 27 |
| vulnerability |
VCID-m8w1-g9h9-vuce |
|
| 28 |
| vulnerability |
VCID-qjgf-hxng-j3g9 |
|
| 29 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 30 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 31 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 32 |
| vulnerability |
VCID-ua49-snhx-dqa4 |
|
| 33 |
| vulnerability |
VCID-w4fh-cpaq-nqat |
|
| 34 |
| vulnerability |
VCID-xw77-b18v-8kc4 |
|
| 35 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0 |
|
|
| aliases |
CVE-2019-12246, GHSA-5fr8-xhqq-4p3q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u49v-31sv-eqc3 |
|
| 39 |
| url |
VCID-ya8k-c5s5-47gx |
| vulnerability_id |
VCID-ya8k-c5s5-47gx |
| summary |
XSS In page name
SilverStripe is vulnerable to XSS via the page name. For instance, page name `"><svg/onload=alert(/xss/)>` will trigger an XSS alert. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.4.4-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.4.4-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 20 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 21 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 22 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 23 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 24 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 25 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 26 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 27 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 28 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 29 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 30 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 31 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 32 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 33 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 34 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 35 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 36 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.5.2-rc1 |
| purl |
pkg:composer/silverstripe/framework@3.5.2-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-71cx-seqr-3fh5 |
|
| 10 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 11 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 12 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 13 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 14 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 15 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 16 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 17 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 18 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 19 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 20 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 21 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 22 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 23 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 24 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 25 |
| vulnerability |
VCID-g3kz-796v-4qf1 |
|
| 26 |
| vulnerability |
VCID-j9tk-b3hv-q3c1 |
|
| 27 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 28 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 29 |
| vulnerability |
VCID-kh99-kpkt-pqdq |
|
| 30 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 31 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 32 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 33 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 34 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 35 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 36 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 37 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 38 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 39 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 40 |
| vulnerability |
VCID-v116-gayp-mbfu |
|
| 41 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1 |
|
|
| aliases |
SS-2017-001
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ya8k-c5s5-47gx |
|
| 40 |
| url |
VCID-yuer-yn1w-q3gw |
| vulnerability_id |
VCID-yuer-yn1w-q3gw |
| summary |
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload
### Impact
A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.
The server-side sanitisation logic has been updated to sanitise against this type of attack.
### References
- https://www.silverstripe.org/download/security-releases/cve-2024-32981 |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-32981 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0105 |
| scoring_system |
epss |
| scoring_elements |
0.7749 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.0105 |
| scoring_system |
epss |
| scoring_elements |
0.77542 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.0105 |
| scoring_system |
epss |
| scoring_elements |
0.77545 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.0105 |
| scoring_system |
epss |
| scoring_elements |
0.7756 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.0105 |
| scoring_system |
epss |
| scoring_elements |
0.77534 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.0105 |
| scoring_system |
epss |
| scoring_elements |
0.77524 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0105 |
| scoring_system |
epss |
| scoring_elements |
0.77495 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.0105 |
| scoring_system |
epss |
| scoring_elements |
0.77515 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-32981 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-32981, GHSA-chx7-9x8h-r5mg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yuer-yn1w-q3gw |
|
| 41 |
| url |
VCID-z7fk-zbvh-quew |
| vulnerability_id |
VCID-z7fk-zbvh-quew |
| summary |
XSS In CMSSecurity BackURL
In follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.4.2 |
| purl |
pkg:composer/silverstripe/framework@3.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 20 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 21 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 22 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 23 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 24 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 25 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 26 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 27 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 28 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 29 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 30 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 31 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 32 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 33 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 34 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 35 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 36 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 37 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 38 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2 |
|
|
| aliases |
SS-2016-016
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z7fk-zbvh-quew |
|
| 42 |
| url |
VCID-zxmh-xcvd-53fe |
| vulnerability_id |
VCID-zxmh-xcvd-53fe |
| summary |
ReadOnly transformation for formfields exploitable
Form fields returning `isReadonly()` as true are vulnerable to reflected XSS injections. This includes `ReadonlyField`, `LookupField`, `HTMLReadonlyField`, as well as special purpose fields like `TimeField_Readonly`. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and does not overwrite data on form construction. Readonly and disabled form fields are already filtered out in `saveInto()`, so maliciously submitted data on these fields does not make it into the database unless you are accessing form values directly in your saving logic. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.4.2 |
| purl |
pkg:composer/silverstripe/framework@3.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2f9j-ek3x-kbc5 |
|
| 1 |
| vulnerability |
VCID-2rbk-47h6-d7d8 |
|
| 2 |
| vulnerability |
VCID-3ydp-barm-5ya1 |
|
| 3 |
| vulnerability |
VCID-414d-7bfm-kud7 |
|
| 4 |
| vulnerability |
VCID-4f9c-aun4-wfep |
|
| 5 |
| vulnerability |
VCID-4x32-t75c-u3bj |
|
| 6 |
| vulnerability |
VCID-5pkg-j4wg-7fcn |
|
| 7 |
| vulnerability |
VCID-6du5-hdvd-fueb |
|
| 8 |
| vulnerability |
VCID-6epx-c68d-d7bv |
|
| 9 |
| vulnerability |
VCID-7dk3-gcup-2kc9 |
|
| 10 |
| vulnerability |
VCID-86yd-4mkt-hydr |
|
| 11 |
| vulnerability |
VCID-a3yc-fxa1-gfhy |
|
| 12 |
| vulnerability |
VCID-ab5z-bqka-xudb |
|
| 13 |
| vulnerability |
VCID-ajga-3b99-yugh |
|
| 14 |
| vulnerability |
VCID-axxx-gpfn-mqc9 |
|
| 15 |
| vulnerability |
VCID-bdcq-z11u-zyh5 |
|
| 16 |
| vulnerability |
VCID-bmqt-5ybj-kuf6 |
|
| 17 |
| vulnerability |
VCID-c3vp-kc9a-vkhn |
|
| 18 |
| vulnerability |
VCID-cdgj-bdpy-ukak |
|
| 19 |
| vulnerability |
VCID-eddc-w9wx-c3gq |
|
| 20 |
| vulnerability |
VCID-enkd-4y44-4ueq |
|
| 21 |
| vulnerability |
VCID-ete7-tupf-63c9 |
|
| 22 |
| vulnerability |
VCID-fpb7-5pwu-tyg5 |
|
| 23 |
| vulnerability |
VCID-fyxa-vzeq-ubeq |
|
| 24 |
| vulnerability |
VCID-j6ze-f76y-cqgy |
|
| 25 |
| vulnerability |
VCID-kak1-btjp-kqgz |
|
| 26 |
| vulnerability |
VCID-kdyk-rrrr-pufw |
|
| 27 |
| vulnerability |
VCID-kvhv-9fj5-7kgk |
|
| 28 |
| vulnerability |
VCID-kw9p-5fbc-hudg |
|
| 29 |
| vulnerability |
VCID-kxa8-dmva-ayff |
|
| 30 |
| vulnerability |
VCID-p2kq-rkh6-ayeu |
|
| 31 |
| vulnerability |
VCID-pq29-qe7h-tkcp |
|
| 32 |
| vulnerability |
VCID-qm38-1cwk-b3hq |
|
| 33 |
| vulnerability |
VCID-tc2y-zrea-vyb2 |
|
| 34 |
| vulnerability |
VCID-tm1s-2m92-uyh9 |
|
| 35 |
| vulnerability |
VCID-tzmx-hfk2-7ufr |
|
| 36 |
| vulnerability |
VCID-u49v-31sv-eqc3 |
|
| 37 |
| vulnerability |
VCID-ya8k-c5s5-47gx |
|
| 38 |
| vulnerability |
VCID-yuer-yn1w-q3gw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2 |
|
|
| aliases |
SS-2016-010
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zxmh-xcvd-53fe |
|