{"url":"http://public2.vulnerablecode.io/api/packages/31658?format=json","purl":"pkg:composer/silverstripe/framework@3.4.0-rc1","type":"composer","namespace":"silverstripe","name":"framework","version":"3.4.0-rc1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.4.10-stable","latest_non_vulnerable_version":"6.0.0-alpha1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361843?format=json","vulnerability_id":"VCID-16sj-atxu-mfh3","summary":"ReadOnly transformation for formfields exploitable\nForm fields returning `isReadonly()` as true are vulnerable to reflected XSS injections. This includes `ReadonlyField`, `LookupField`, `HTMLReadonlyField`, as well as special purpose fields like `TimeField_Readonly`. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and does not overwrite data on form construction. Readonly and disabled form fields are already filtered out in `saveInto()`, so maliciously submitted data on these fields does not make it into the database unless you are accessing form values directly in your saving logic.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-010/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-010/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31642?format=json","purl":"pkg:composer/silverstripe/framework@3.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-47ty-3bfn-1bdz"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-kkpx-3pyp-zkc3"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-y4kh-5j74-kbc7"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2"}],"aliases":["SS-2016-010"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-16sj-atxu-mfh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/311416?format=json","vulnerability_id":"VCID-1e21-x465-abgz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14272","reference_id":"","reference_type":"","scores":[{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57669","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14272"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14272","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14272"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14272","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/420598?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-55up-67gu-n7hk"},{"vulnerability":"VCID-5n9u-ktxq-4ffq"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-6yfj-bqk6-tbbm"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8rc6-pj1w-gydx"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-ed23-mdzp-zqcs"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-frp8-zzqn-27ej"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gjrp-er99-rbed"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-meba-n1px-8bc1"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-sdny-sn1z-z7c4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-tcrk-kjpn-zkd9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-v8cg-45wc-vqe2"},{"vulnerability":"VCID-vaw1-v4hd-3qe1"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/15753?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/15755?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ten7-3cpb-zkcs"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-14272","GHSA-jgw2-f5mx-rg7h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1e21-x465-abgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361796?format=json","vulnerability_id":"VCID-1heu-12yv-fbaq","summary":"Pre-existing alc_enc cookies log users in if remember me is disabled\nIf remember me is on and users log in with the box checked, if the developer then disabled \"remember me\" function, any pre-existing cookies will continue to authenticate users.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-014/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-014/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31640?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sj-atxu-mfh3"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-47ty-3bfn-1bdz"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8s6r-7den-zbcc"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-fgbz-nak8-r3ba"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-kkpx-3pyp-zkc3"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q3ej-614f-t7fz"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-y4kh-5j74-kbc7"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/409055?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-014"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1heu-12yv-fbaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205034?format=json","vulnerability_id":"VCID-3ftm-1ytk-77ee","summary":"Broken access control on files","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14273","reference_id":"","reference_type":"","scores":[{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56826","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14273"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14273","reference_id":"CVE-2019-14273","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14273"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14273","reference_id":"CVE-2019-14273","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14273"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml","reference_id":"CVE-2019-14273.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml"},{"reference_url":"https://github.com/advisories/GHSA-43jj-2rwc-2m3f","reference_id":"GHSA-43jj-2rwc-2m3f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-43jj-2rwc-2m3f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/420598?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-55up-67gu-n7hk"},{"vulnerability":"VCID-5n9u-ktxq-4ffq"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-6yfj-bqk6-tbbm"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8rc6-pj1w-gydx"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-ed23-mdzp-zqcs"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-frp8-zzqn-27ej"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gjrp-er99-rbed"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-meba-n1px-8bc1"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-sdny-sn1z-z7c4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-tcrk-kjpn-zkd9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-v8cg-45wc-vqe2"},{"vulnerability":"VCID-vaw1-v4hd-3qe1"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/15753?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/15755?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ten7-3cpb-zkcs"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-14273","GHSA-43jj-2rwc-2m3f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ftm-1ytk-77ee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361800?format=json","vulnerability_id":"VCID-3npf-1y4p-rye8","summary":"XSS In OptionsetField and CheckboxSetField\nList of key / value pairs assigned to `OptionsetField` or `CheckboxSetField` do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-015/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-015/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31640?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sj-atxu-mfh3"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-47ty-3bfn-1bdz"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8s6r-7den-zbcc"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-fgbz-nak8-r3ba"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-kkpx-3pyp-zkc3"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q3ej-614f-t7fz"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-y4kh-5j74-kbc7"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/409055?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-015"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3npf-1y4p-rye8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/290982?format=json","vulnerability_id":"VCID-3p33-cbc6-vkgt","summary":"","references":[{"reference_url":"http://lists.openwall.net/full-disclosure/2017/09/14/2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openwall.net/full-disclosure/2017/09/14/2"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14498","reference_id":"","reference_type":"","scores":[{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.5956","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14498"},{"reference_url":"https://docs.silverstripe.org/en/3/changelogs/3.6.1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.silverstripe.org/en/3/changelogs/3.6.1"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a"},{"reference_url":"https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14498","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14498"},{"reference_url":"https://github.com/advisories/GHSA-j696-6m57-mcrv","reference_id":"GHSA-j696-6m57-mcrv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j696-6m57-mcrv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/417195?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12ju-ufg2-kkfy"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-5n9u-ktxq-4ffq"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-84zx-d8vf-8khm"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8rc6-pj1w-gydx"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-me4v-9ws9-2ybz"},{"vulnerability":"VCID-meba-n1px-8bc1"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vaw1-v4hd-3qe1"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2"},{"url":"http://public2.vulnerablecode.io/api/packages/389484?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12ju-ufg2-kkfy"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-5n9u-ktxq-4ffq"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-84zx-d8vf-8khm"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8rc6-pj1w-gydx"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-me4v-9ws9-2ybz"},{"vulnerability":"VCID-meba-n1px-8bc1"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vaw1-v4hd-3qe1"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1"}],"aliases":["CVE-2017-14498","GHSA-j696-6m57-mcrv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3p33-cbc6-vkgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44558?format=json","vulnerability_id":"VCID-436b-s848-ske3","summary":"Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53277","reference_id":"","reference_type":"","scores":[{"value":"0.01452","scoring_system":"epss","scoring_elements":"0.81224","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53277"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53277","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53277"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00","reference_id":"74904f539347b7d1f8c5b5fb9e28d62ff251ee00","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2024-53277","reference_id":"cve-2024-53277","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/"}],"url":"https://www.silverstripe.org/download/security-releases/cve-2024-53277"},{"reference_url":"https://github.com/advisories/GHSA-ff6q-3c9c-6cf5","reference_id":"GHSA-ff6q-3c9c-6cf5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-ff6q-3c9c-6cf5"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5","reference_id":"GHSA-ff6q-3c9c-6cf5","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377030?format=json","purl":"pkg:composer/silverstripe/framework@5.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-qw2u-5zmm-ckac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/773611?format=json","purl":"pkg:composer/silverstripe/framework@6.0.0-alpha1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1"}],"aliases":["CVE-2024-53277","GHSA-ff6q-3c9c-6cf5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-436b-s848-ske3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149523?format=json","vulnerability_id":"VCID-445u-qqe9-gbch","summary":"Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22728","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.173","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22728"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22728","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22728"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2023-22728","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2023-22728"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58","reference_id":"fd5d8217e83768d7bf841e94b2d4d82642d5bc58","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58"},{"reference_url":"https://github.com/advisories/GHSA-jh3w-6jp2-vqqm","reference_id":"GHSA-jh3w-6jp2-vqqm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jh3w-6jp2-vqqm"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm","reference_id":"GHSA-jh3w-6jp2-vqqm","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379495?format=json","purl":"pkg:composer/silverstripe/framework@4.12.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5"}],"aliases":["CVE-2023-22728","GHSA-jh3w-6jp2-vqqm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-445u-qqe9-gbch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/294924?format=json","vulnerability_id":"VCID-47ty-3bfn-1bdz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5197","reference_id":"","reference_type":"","scores":[{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50253","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5197"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5197","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5197"},{"reference_url":"https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"http://www.securityfocus.com/bid/96572","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/96572"},{"reference_url":"https://github.com/advisories/GHSA-xmjh-wjc5-wg4h","reference_id":"GHSA-xmjh-wjc5-wg4h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xmjh-wjc5-wg4h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388921?format=json","purl":"pkg:composer/silverstripe/framework@3.4.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-y4kh-5j74-kbc7"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/31668?format=json","purl":"pkg:composer/silverstripe/framework@3.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/388922?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12ju-ufg2-kkfy"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-5n9u-ktxq-4ffq"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-84zx-d8vf-8khm"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8rc6-pj1w-gydx"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-meba-n1px-8bc1"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-y4kh-5j74-kbc7"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/31669?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12ju-ufg2-kkfy"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-5n9u-ktxq-4ffq"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-84zx-d8vf-8khm"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8rc6-pj1w-gydx"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-meba-n1px-8bc1"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2"}],"aliases":["CVE-2017-5197","GHSA-xmjh-wjc5-wg4h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-47ty-3bfn-1bdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361794?format=json","vulnerability_id":"VCID-6t4j-bhja-muge","summary":"Missing ACL on reports\nThe `SS_Report`, and the reports CMS section only checks `canView()` when listing the reports that can be viewed by the current user. It does not (and should) perform `canView` checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-012/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-012/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31640?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sj-atxu-mfh3"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-47ty-3bfn-1bdz"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8s6r-7den-zbcc"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-fgbz-nak8-r3ba"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-kkpx-3pyp-zkc3"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q3ej-614f-t7fz"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-y4kh-5j74-kbc7"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/409055?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-012"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6t4j-bhja-muge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/326353?format=json","vulnerability_id":"VCID-6u99-zfaw-h7ha","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26136","reference_id":"","reference_type":"","scores":[{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44238","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26136"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26136","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26136"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-26136","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-26136"},{"reference_url":"https://github.com/advisories/GHSA-mg2g-8pwj-r2j2","reference_id":"GHSA-mg2g-8pwj-r2j2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mg2g-8pwj-r2j2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/506086?format=json","purl":"pkg:composer/silverstripe/framework@4.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0"}],"aliases":["CVE-2020-26136","GHSA-mg2g-8pwj-r2j2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6u99-zfaw-h7ha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/338253?format=json","vulnerability_id":"VCID-7aww-xedy-23b8","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28661","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37838","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28661"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/releases","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/releases"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28661","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28661"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2021-28661","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2021-28661"},{"reference_url":"https://github.com/advisories/GHSA-r7rh-g777-g5gx","reference_id":"GHSA-r7rh-g777-g5gx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7rh-g777-g5gx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31669?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12ju-ufg2-kkfy"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-5n9u-ktxq-4ffq"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-84zx-d8vf-8khm"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8rc6-pj1w-gydx"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-meba-n1px-8bc1"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2"}],"aliases":["CVE-2021-28661","GHSA-r7rh-g777-g5gx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7aww-xedy-23b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361061?format=json","vulnerability_id":"VCID-7us5-kn2v-pbc6","summary":"Silverstripe Framework: Members with no password can be created and bypass custom login forms\nWhen a new `Member` record was created in the cms it was possible to set a blank password. If an attacker knows the email address of the user with the blank password then they can attempt to log in using an empty password. The default member authenticator, login form and basic auth all require a non-empty password, however if a custom authentication method is used it may allow a successful login with the empty password. Starting with this release, blank passwords are no no longer allowed when members are created in the CMS. Programatically created `Member` records, such as those used in unit tests, still allow blank passwords. You may have some `Member` records in your system already which have empty passwords. To detect these, you can loop over all `Member` records with `Member::get()` and pass each record into the below method. It might be sensible to create a [`BuildTask`](https://api.silverstripe.org/5/SilverStripe/Dev/BuildTask.html) for this purpose.\n  ```php\n    private function memberHasBlankPassword(Member $member): bool\n    {\n        // skip default admin as this is created programatically\n        if ($member->isDefaultAdmin()) {\n            return false;\n        }\n        // return true if a blank password is valid for this member\n        $authenticator = new MemberAuthenticator();\n        return $authenticator->checkPassword($member, '')->isValid();\n    }\n  ```\n  Once you have identified the records with empty passwords, it's up to you how to handle this. The most sensible way to resolve this is probably to generate a new secure password for each of these members, mark it as immediately expired, and email each affected member (assuming they have a valid email address in the system).\n\nUsers would need to opt-in to insecure behavior by using a configuration which allowed for empty passwords. These configurations are not expected and hence this advisory is primarily informational in nature.\n\nReported by: [Sabina Talipova](https://www.silverstripe.com/about-us/team/?member=sabina-talipova) from Silverstripe and [Christian Bünte](https://github.com/bimthebam)","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml"},{"reference_url":"https://github.com/github/advisory-database/pull/2575","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/advisory-database/pull/2575"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32302","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32302"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2023-32302","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2023-32302"},{"reference_url":"https://github.com/advisories/GHSA-36xx-7vf6-7mv3","reference_id":"GHSA-36xx-7vf6-7mv3","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-36xx-7vf6-7mv3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381371?format=json","purl":"pkg:composer/silverstripe/framework@4.13.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.14"},{"url":"http://public2.vulnerablecode.io/api/packages/381372?format=json","purl":"pkg:composer/silverstripe/framework@5.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.0.13"}],"aliases":["CVE-2023-32302","GHSA-36xx-7vf6-7mv3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7us5-kn2v-pbc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/310438?format=json","vulnerability_id":"VCID-8j7g-u2z1-1ycb","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59742","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12205"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12205"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12205"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12205"},{"reference_url":"https://github.com/advisories/GHSA-rfvw-5848-gxc5","reference_id":"GHSA-rfvw-5848-gxc5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rfvw-5848-gxc5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/447307?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/15753?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/15755?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ten7-3cpb-zkcs"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12205","GHSA-rfvw-5848-gxc5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8j7g-u2z1-1ycb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149723?format=json","vulnerability_id":"VCID-9man-5bj8-e7fm","summary":"Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22729","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42339","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22729"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22729","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22729"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2023-22729","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2023-22729"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77","reference_id":"1a5bb4cbece1721203977910b8ecd8b79c18dc77","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77"},{"reference_url":"https://github.com/advisories/GHSA-fw84-xgm8-9jmv","reference_id":"GHSA-fw84-xgm8-9jmv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fw84-xgm8-9jmv"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv","reference_id":"GHSA-fw84-xgm8-9jmv","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379495?format=json","purl":"pkg:composer/silverstripe/framework@4.12.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5"}],"aliases":["CVE-2023-22729","GHSA-fw84-xgm8-9jmv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9man-5bj8-e7fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361801?format=json","vulnerability_id":"VCID-ar2g-6kqd-vqc1","summary":"Member.Name isn't escaped\nThe core template `framework/templates/Includes/GridField_print.ss` uses \"Printed by $Member.Name\". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because `Member->getName()` just returns the raw `FirstName + Surname` as a string, which is injected directly.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-013/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-013/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31640?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sj-atxu-mfh3"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-47ty-3bfn-1bdz"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8s6r-7den-zbcc"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-fgbz-nak8-r3ba"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-kkpx-3pyp-zkc3"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q3ej-614f-t7fz"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-y4kh-5j74-kbc7"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/409055?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-013"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ar2g-6kqd-vqc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211955?format=json","vulnerability_id":"VCID-bwmh-5pgt-r3g8","summary":"silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-003-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-003-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-003","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-003"},{"reference_url":"https://github.com/advisories/GHSA-pp7q-6j3f-74vj","reference_id":"GHSA-pp7q-6j3f-74vj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pp7q-6j3f-74vj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31665?format=json","purl":"pkg:composer/silverstripe/framework@3.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/31667?format=json","purl":"pkg:composer/silverstripe/framework@3.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12ju-ufg2-kkfy"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-5n9u-ktxq-4ffq"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-84zx-d8vf-8khm"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8rc6-pj1w-gydx"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-meba-n1px-8bc1"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.4"}],"aliases":["GHSA-pp7q-6j3f-74vj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bwmh-5pgt-r3g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211949?format=json","vulnerability_id":"VCID-ch84-pusj-17gd","summary":"silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-014-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-014-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/1c7d5de51bcdf16ebb21c5a0ebe5fe9e31f9a822","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/1c7d5de51bcdf16ebb21c5a0ebe5fe9e31f9a822"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/b1f449762b5d11658b11d5036d5ae361a95fd61e","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/b1f449762b5d11658b11d5036d5ae361a95fd61e"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/d1163d87b70e3e147f22a1e423b9f70f6fd85e8f","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/d1163d87b70e3e147f22a1e423b9f70f6fd85e8f"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/fa7f5af8618a83c865b11fd6cc981ad9661046e6","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/fa7f5af8618a83c865b11fd6cc981ad9661046e6"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-014","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-014"},{"reference_url":"https://github.com/advisories/GHSA-5r8w-66hq-rc39","reference_id":"GHSA-5r8w-66hq-rc39","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5r8w-66hq-rc39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31640?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sj-atxu-mfh3"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-47ty-3bfn-1bdz"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8s6r-7den-zbcc"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-fgbz-nak8-r3ba"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-kkpx-3pyp-zkc3"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q3ej-614f-t7fz"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-y4kh-5j74-kbc7"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"}],"aliases":["GHSA-5r8w-66hq-rc39"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ch84-pusj-17gd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/310447?format=json","vulnerability_id":"VCID-cma7-m5y5-juhw","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12246","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36082","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12246"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12246","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12246"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12246","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12246"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/447307?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/15754?format=json","purl":"pkg:composer/silverstripe/framework@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ten7-3cpb-zkcs"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0"}],"aliases":["CVE-2019-12246","GHSA-5fr8-xhqq-4p3q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cma7-m5y5-juhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361795?format=json","vulnerability_id":"VCID-e78h-yv8k-4qbs","summary":"VersionedRequestFilter vulnerability\nA cross-site scripting vulnerability in `VersionedRequestFilter` has been found. If an incoming user request should not be able to access the requested stage, an error message is created for display on the CMS login page that they are redirected to. In this error message, the URL of the requested page is interpolated into the error message without being escaped; hence, arbitrary HTML can be injected into the CMS login page.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-007/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-007/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31640?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sj-atxu-mfh3"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-47ty-3bfn-1bdz"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8s6r-7den-zbcc"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-fgbz-nak8-r3ba"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-kkpx-3pyp-zkc3"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q3ej-614f-t7fz"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-y4kh-5j74-kbc7"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/409055?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-007"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e78h-yv8k-4qbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211946?format=json","vulnerability_id":"VCID-et9c-tk3x-3ucy","summary":"silverstripe/framework password encryption salt not updated","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-008-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-008-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/08384bb4d6b98c44388ffb4727c317ed14fe3c81","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/08384bb4d6b98c44388ffb4727c317ed14fe3c81"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/298f61521c55b07e5c898a92264dbe111735a87a","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/298f61521c55b07e5c898a92264dbe111735a87a"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/dc47f7ec9adf67a3f31887467de5b110e8e5b285","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/dc47f7ec9adf67a3f31887467de5b110e8e5b285"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/f85dea2e6d5b303abd43b5e5efc07c66c8d2acf4","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/f85dea2e6d5b303abd43b5e5efc07c66c8d2acf4"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-008","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-008"},{"reference_url":"https://github.com/advisories/GHSA-f3wp-xpv2-6vmg","reference_id":"GHSA-f3wp-xpv2-6vmg","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f3wp-xpv2-6vmg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31640?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sj-atxu-mfh3"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-47ty-3bfn-1bdz"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8s6r-7den-zbcc"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-fgbz-nak8-r3ba"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-kkpx-3pyp-zkc3"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q3ej-614f-t7fz"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-y4kh-5j74-kbc7"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"}],"aliases":["GHSA-f3wp-xpv2-6vmg"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-et9c-tk3x-3ucy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207680?format=json","vulnerability_id":"VCID-f2eh-56eb-pydf","summary":"Business Logic Errors in SilverStripe Framework","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2"},{"reference_url":"https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0227","reference_id":"CVE-2022-0227","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0227"},{"reference_url":"https://github.com/advisories/GHSA-32m2-9f76-4gv8","reference_id":"GHSA-32m2-9f76-4gv8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-32m2-9f76-4gv8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18941?format=json","purl":"pkg:composer/silverstripe/framework@4.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.1"}],"aliases":["CVE-2022-0227","GHSA-32m2-9f76-4gv8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f2eh-56eb-pydf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361842?format=json","vulnerability_id":"VCID-fgbz-nak8-r3ba","summary":"XSS In CMSSecurity BackURL\nIn follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-001/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-001/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-016/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-016/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31642?format=json","purl":"pkg:composer/silverstripe/framework@3.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-47ty-3bfn-1bdz"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-kkpx-3pyp-zkc3"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-y4kh-5j74-kbc7"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2"}],"aliases":["SS-2016-016"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fgbz-nak8-r3ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204246?format=json","vulnerability_id":"VCID-g6a1-jazp-mufn","summary":"Session fixation in change password form","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12203","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17167","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12203"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12203","reference_id":"CVE-2019-12203","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12203"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203/","reference_id":"CVE-2019-12203","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12203","reference_id":"CVE-2019-12203","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12203"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml","reference_id":"CVE-2019-12203.YAML","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml"},{"reference_url":"https://github.com/advisories/GHSA-w7r7-r8r9-vrg2","reference_id":"GHSA-w7r7-r8r9-vrg2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w7r7-r8r9-vrg2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15763?format=json","purl":"pkg:composer/silverstripe/framework@3.6.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-me4v-9ws9-2ybz"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8"},{"url":"http://public2.vulnerablecode.io/api/packages/15761?format=json","purl":"pkg:composer/silverstripe/framework@3.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/447307?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/15753?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/15755?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ten7-3cpb-zkcs"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12203","GHSA-w7r7-r8r9-vrg2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g6a1-jazp-mufn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211948?format=json","vulnerability_id":"VCID-gb7n-wpb6-xfdq","summary":"silverstripe/framework missing ACL on reports","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-012-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-012-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-012","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-012"},{"reference_url":"https://github.com/advisories/GHSA-52cx-hpc5-cxwc","reference_id":"GHSA-52cx-hpc5-cxwc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-52cx-hpc5-cxwc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31640?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sj-atxu-mfh3"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-47ty-3bfn-1bdz"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8s6r-7den-zbcc"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-fgbz-nak8-r3ba"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-kkpx-3pyp-zkc3"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q3ej-614f-t7fz"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-y4kh-5j74-kbc7"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"}],"aliases":["GHSA-52cx-hpc5-cxwc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gb7n-wpb6-xfdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/292636?format=json","vulnerability_id":"VCID-gcht-uaeq-nkc9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18049","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.438","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18049"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18049","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18049"},{"reference_url":"https://www.exploit-db.com/exploits/43396","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/43396"},{"reference_url":"https://www.exploit-db.com/exploits/43396/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/43396/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-007","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-007"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/420594?format=json","purl":"pkg:composer/silverstripe/framework@3.5.6-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-5n9u-ktxq-4ffq"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-84zx-d8vf-8khm"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8rc6-pj1w-gydx"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-me4v-9ws9-2ybz"},{"vulnerability":"VCID-meba-n1px-8bc1"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/31673?format=json","purl":"pkg:composer/silverstripe/framework@3.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-me4v-9ws9-2ybz"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/420597?format=json","purl":"pkg:composer/silverstripe/framework@3.6.3-rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-5n9u-ktxq-4ffq"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-84zx-d8vf-8khm"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8rc6-pj1w-gydx"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-me4v-9ws9-2ybz"},{"vulnerability":"VCID-meba-n1px-8bc1"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vaw1-v4hd-3qe1"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/31675?format=json","purl":"pkg:composer/silverstripe/framework@3.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-me4v-9ws9-2ybz"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vaw1-v4hd-3qe1"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/420598?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-55up-67gu-n7hk"},{"vulnerability":"VCID-5n9u-ktxq-4ffq"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-6yfj-bqk6-tbbm"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8rc6-pj1w-gydx"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-ed23-mdzp-zqcs"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-frp8-zzqn-27ej"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gjrp-er99-rbed"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-meba-n1px-8bc1"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-sdny-sn1z-z7c4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-tcrk-kjpn-zkd9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-v8cg-45wc-vqe2"},{"vulnerability":"VCID-vaw1-v4hd-3qe1"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/31679?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-55up-67gu-n7hk"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-6yfj-bqk6-tbbm"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-frp8-zzqn-27ej"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gjrp-er99-rbed"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-sdny-sn1z-z7c4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-tcrk-kjpn-zkd9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-v8cg-45wc-vqe2"},{"vulnerability":"VCID-vaw1-v4hd-3qe1"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"}],"aliases":["CVE-2017-18049","GHSA-2jvj-mhf2-g99w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gcht-uaeq-nkc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341292?format=json","vulnerability_id":"VCID-gr26-gwtr-eqa1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36150","reference_id":"","reference_type":"","scores":[{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59375","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36150"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/releases"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36150","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36150"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2021-36150","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2021-36150"},{"reference_url":"https://github.com/advisories/GHSA-j66h-cc96-c32q","reference_id":"GHSA-j66h-cc96-c32q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j66h-cc96-c32q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/518159?format=json","purl":"pkg:composer/silverstripe/framework@4.9.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0-alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/391762?format=json","purl":"pkg:composer/silverstripe/framework@4.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0"}],"aliases":["CVE-2021-36150","GHSA-j66h-cc96-c32q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gr26-gwtr-eqa1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211950?format=json","vulnerability_id":"VCID-gv3v-n8wh-83c6","summary":"silverstripe/framework's `Member.Name` is not escaped","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-013-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-013-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/281b0de571fe0ae159ac47891c02acf2214fa619","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/281b0de571fe0ae159ac47891c02acf2214fa619"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/6817c57f64b9eb2b271b81662cd83b074a3daee4","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/6817c57f64b9eb2b271b81662cd83b074a3daee4"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/83e3302c0425d9b0e4fe42e82e3df03379f4dca5","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/83e3302c0425d9b0e4fe42e82e3df03379f4dca5"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/8bbf1caae665a07b3e44e8d5d32556a03d38c296","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/8bbf1caae665a07b3e44e8d5d32556a03d38c296"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-013","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-013"},{"reference_url":"https://github.com/advisories/GHSA-r9vp-fp72-xgf7","reference_id":"GHSA-r9vp-fp72-xgf7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r9vp-fp72-xgf7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31640?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sj-atxu-mfh3"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-47ty-3bfn-1bdz"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8s6r-7den-zbcc"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-fgbz-nak8-r3ba"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-kkpx-3pyp-zkc3"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q3ej-614f-t7fz"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-y4kh-5j74-kbc7"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"}],"aliases":["GHSA-r9vp-fp72-xgf7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gv3v-n8wh-83c6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/313756?format=json","vulnerability_id":"VCID-hmxb-equc-1bau","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19326","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43448","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19326"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19326","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19326"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-19326","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-19326"},{"reference_url":"https://github.com/advisories/GHSA-q9ff-3q93-fm8m","reference_id":"GHSA-q9ff-3q93-fm8m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q9ff-3q93-fm8m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385385?format=json","purl":"pkg:composer/silverstripe/framework@3.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/385152?format=json","purl":"pkg:composer/silverstripe/framework@4.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7"},{"url":"http://public2.vulnerablecode.io/api/packages/385153?format=json","purl":"pkg:composer/silverstripe/framework@4.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4"}],"aliases":["CVE-2019-19326","GHSA-q9ff-3q93-fm8m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hmxb-equc-1bau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/146433?format=json","vulnerability_id":"VCID-jbrw-8yw5-u7ay","summary":"Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48714","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45506","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48714"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48714","reference_id":"CVE-2023-48714","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48714"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2023-48714","reference_id":"CVE-2023-48714","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/"}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2023-48714"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml","reference_id":"CVE-2023-48714.YAML","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml"},{"reference_url":"https://github.com/advisories/GHSA-qm2j-qvq3-j29v","reference_id":"GHSA-qm2j-qvq3-j29v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qm2j-qvq3-j29v"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v","reference_id":"GHSA-qm2j-qvq3-j29v","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28527?format=json","purl":"pkg:composer/silverstripe/framework@4.13.39","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.39"},{"url":"http://public2.vulnerablecode.io/api/packages/28526?format=json","purl":"pkg:composer/silverstripe/framework@5.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.1.11"}],"aliases":["CVE-2023-48714","GHSA-qm2j-qvq3-j29v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jbrw-8yw5-u7ay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212192?format=json","vulnerability_id":"VCID-kjha-tu3x-pkae","summary":"Silverstripe uses TinyMCE which allows svg files linked in object tags","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2024-001","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2024-001"},{"reference_url":"https://github.com/advisories/GHSA-52cw-pvq9-9m5v","reference_id":"GHSA-52cw-pvq9-9m5v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-52cw-pvq9-9m5v"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v","reference_id":"GHSA-52cw-pvq9-9m5v","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v"},{"reference_url":"https://github.com/advisories/GHSA-5359-pvf2-pw78","reference_id":"GHSA-5359-pvf2-pw78","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5359-pvf2-pw78"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32674?format=json","purl":"pkg:composer/silverstripe/framework@5.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-wxzb-brfu-pugq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16"}],"aliases":["GHSA-52cw-pvq9-9m5v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjha-tu3x-pkae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361999?format=json","vulnerability_id":"VCID-kkpx-3pyp-zkc3","summary":"XSS In page name\nSilverStripe is vulnerable to XSS via the page name. For instance, page name `\"><svg/onload=alert(/xss/)>` will trigger an XSS alert.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-001/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-001/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388921?format=json","purl":"pkg:composer/silverstripe/framework@3.4.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-y4kh-5j74-kbc7"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/388922?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12ju-ufg2-kkfy"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-5n9u-ktxq-4ffq"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-84zx-d8vf-8khm"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8rc6-pj1w-gydx"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-meba-n1px-8bc1"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-y4kh-5j74-kbc7"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1"}],"aliases":["SS-2017-001"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkpx-3pyp-zkc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211951?format=json","vulnerability_id":"VCID-mqke-3sg4-x3bq","summary":"silverstripe/framework vulnerable to Cross-site Scripting In `OptionsetField` and `CheckboxSetField`","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-015-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-015-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/049cdefacfd3122d59d5488c1317f999fe8aacc4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/049cdefacfd3122d59d5488c1317f999fe8aacc4"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/12a6b357e761f09d818fd0013eb2d85014de79a0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/12a6b357e761f09d818fd0013eb2d85014de79a0"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/62a242154ec3508fe9b174a40713c8520ac1684c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/62a242154ec3508fe9b174a40713c8520ac1684c"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/b0ba2015d9684ee7b124dafcf6b59b046e20f8ed","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/b0ba2015d9684ee7b124dafcf6b59b046e20f8ed"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-015","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-015"},{"reference_url":"https://github.com/advisories/GHSA-468j-6jrc-2rjx","reference_id":"GHSA-468j-6jrc-2rjx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-468j-6jrc-2rjx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31640?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sj-atxu-mfh3"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-47ty-3bfn-1bdz"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8s6r-7den-zbcc"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-fgbz-nak8-r3ba"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-kkpx-3pyp-zkc3"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q3ej-614f-t7fz"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-y4kh-5j74-kbc7"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"}],"aliases":["GHSA-468j-6jrc-2rjx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mqke-3sg4-x3bq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360569?format=json","vulnerability_id":"VCID-mwy1-dxrm-5qes","summary":"Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message\n> [!IMPORTANT]\n> This vulnerability only affects sites which are in the \"dev\" environment mode. If your production website is in \"dev\" mode, it has been misconfigured, and you should immediately swap it to \"live\" mode.\n> See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.\n\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.\n\n## References\n\n- https://www.silverstripe.org/download/security-releases/ss-2024-002\n\n## Reported by\n\nGaurav Nayak from [Chaleit](https://chaleit.com/)","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2024-002","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2024-002"},{"reference_url":"https://github.com/advisories/GHSA-mqf3-qpc3-g26q","reference_id":"GHSA-mqf3-qpc3-g26q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mqf3-qpc3-g26q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377030?format=json","purl":"pkg:composer/silverstripe/framework@5.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-qw2u-5zmm-ckac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/773611?format=json","purl":"pkg:composer/silverstripe/framework@6.0.0-alpha1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1"}],"aliases":["GHSA-mqf3-qpc3-g26q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mwy1-dxrm-5qes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/290313?format=json","vulnerability_id":"VCID-pmed-zcng-eqa7","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12849","reference_id":"","reference_type":"","scores":[{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60616","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12849"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12849","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12849"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-005","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-005"},{"reference_url":"https://github.com/advisories/GHSA-fwhr-g5r4-xgxf","reference_id":"GHSA-fwhr-g5r4-xgxf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fwhr-g5r4-xgxf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/417971?format=json","purl":"pkg:composer/silverstripe/framework@3.5.5-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12ju-ufg2-kkfy"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-5n9u-ktxq-4ffq"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-84zx-d8vf-8khm"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8rc6-pj1w-gydx"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-meba-n1px-8bc1"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/31677?format=json","purl":"pkg:composer/silverstripe/framework@3.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-5n9u-ktxq-4ffq"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-84zx-d8vf-8khm"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8rc6-pj1w-gydx"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-me4v-9ws9-2ybz"},{"vulnerability":"VCID-meba-n1px-8bc1"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/417195?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12ju-ufg2-kkfy"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-5n9u-ktxq-4ffq"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-84zx-d8vf-8khm"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8rc6-pj1w-gydx"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-me4v-9ws9-2ybz"},{"vulnerability":"VCID-meba-n1px-8bc1"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vaw1-v4hd-3qe1"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2"},{"url":"http://public2.vulnerablecode.io/api/packages/389484?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12ju-ufg2-kkfy"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-5n9u-ktxq-4ffq"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-84zx-d8vf-8khm"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8rc6-pj1w-gydx"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-me4v-9ws9-2ybz"},{"vulnerability":"VCID-meba-n1px-8bc1"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vaw1-v4hd-3qe1"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1"}],"aliases":["CVE-2017-12849","GHSA-fwhr-g5r4-xgxf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmed-zcng-eqa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211954?format=json","vulnerability_id":"VCID-q3ej-614f-t7fz","summary":"silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-016-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-016-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/6b123fe1c93d3ac976f484192abc31cad4f81d47","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/6b123fe1c93d3ac976f484192abc31cad4f81d47"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-016","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-016"},{"reference_url":"https://github.com/advisories/GHSA-r85g-7jpv-8xrx","reference_id":"GHSA-r85g-7jpv-8xrx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r85g-7jpv-8xrx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31642?format=json","purl":"pkg:composer/silverstripe/framework@3.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-47ty-3bfn-1bdz"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-kkpx-3pyp-zkc3"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-y4kh-5j74-kbc7"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2"}],"aliases":["GHSA-r85g-7jpv-8xrx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q3ej-614f-t7fz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167867?format=json","vulnerability_id":"VCID-q5tn-heja-1uen","summary":"Silverstripe silverstripe/cms through 4.11.0 allows XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37421","reference_id":"","reference_type":"","scores":[{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55617","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37421"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37421","reference_id":"CVE-2022-37421","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37421"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2022-37421","reference_id":"CVE-2022-37421","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2022-37421"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2022-37421","reference_id":"CVE-2022-37421","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/"}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2022-37421"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml","reference_id":"CVE-2022-37421.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml"},{"reference_url":"https://github.com/advisories/GHSA-pp74-g2q5-j4jf","reference_id":"GHSA-pp74-g2q5-j4jf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pp74-g2q5-j4jf"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"release","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/"}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"releases","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/"}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"security-releases","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/"}],"url":"https://www.silverstripe.org/download/security-releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/597956?format=json","purl":"pkg:composer/silverstripe/framework@4.11.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.3"}],"aliases":["CVE-2022-37421","GHSA-pp74-g2q5-j4jf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q5tn-heja-1uen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90146?format=json","vulnerability_id":"VCID-qw2u-5zmm-ckac","summary":"Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitized on the client-side, but server-side sanitization doesn't catch it. The server-side sanitization logic has been updated to sanitize against this attack. This vulnerability is fixed in 5.3.23.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30148","reference_id":"","reference_type":"","scores":[{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45252","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30148"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/pull/11682","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/pull/11682"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30148","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30148"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2025-30148","reference_id":"cve-2025-30148","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/"}],"url":"https://www.silverstripe.org/download/security-releases/cve-2025-30148"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358","reference_id":"e99cfd62d160d145a76fcf9631e6b11226e42358","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358"},{"reference_url":"https://github.com/advisories/GHSA-rhx4-hvx9-j387","reference_id":"GHSA-rhx4-hvx9-j387","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rhx4-hvx9-j387"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387","reference_id":"GHSA-rhx4-hvx9-j387","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376401?format=json","purl":"pkg:composer/silverstripe/framework@5.3.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.23"}],"aliases":["CVE-2025-30148","GHSA-rhx4-hvx9-j387"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qw2u-5zmm-ckac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208604?format=json","vulnerability_id":"VCID-rh6g-dz5w-h7a4","summary":"FormField with square brackets in field name skips validation","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26138","reference_id":"","reference_type":"","scores":[{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52973","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26138"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26138","reference_id":"CVE-2020-26138","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26138"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138","reference_id":"CVE-2020-26138","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138/","reference_id":"CVE-2020-26138","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138/"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml","reference_id":"CVE-2020-26138.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml"},{"reference_url":"https://github.com/advisories/GHSA-7mv4-4xpg-xq44","reference_id":"GHSA-7mv4-4xpg-xq44","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7mv4-4xpg-xq44"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/506086?format=json","purl":"pkg:composer/silverstripe/framework@4.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19861?format=json","purl":"pkg:composer/silverstripe/framework@4.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4"}],"aliases":["CVE-2020-26138","GHSA-7mv4-4xpg-xq44"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rh6g-dz5w-h7a4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58159?format=json","vulnerability_id":"VCID-su5y-y12y-y3b9","summary":"silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the \"insert media\" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47605","reference_id":"","reference_type":"","scores":[{"value":"0.07112","scoring_system":"epss","scoring_elements":"0.91729","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47605"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47605","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47605"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a","reference_id":"09b5052c86932f273e0d733428c9aade70ff2a4a","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2024-47605","reference_id":"cve-2024-47605","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/"}],"url":"https://www.silverstripe.org/download/security-releases/cve-2024-47605"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt","reference_id":"CVE-2024-47605","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt"},{"reference_url":"https://github.com/advisories/GHSA-7cmp-cgg8-4c82","reference_id":"GHSA-7cmp-cgg8-4c82","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7cmp-cgg8-4c82"},{"reference_url":"https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82","reference_id":"GHSA-7cmp-cgg8-4c82","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/"}],"url":"https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377030?format=json","purl":"pkg:composer/silverstripe/framework@5.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-qw2u-5zmm-ckac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/773611?format=json","purl":"pkg:composer/silverstripe/framework@6.0.0-alpha1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1"}],"aliases":["CVE-2024-47605","GHSA-7cmp-cgg8-4c82"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-su5y-y12y-y3b9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/310547?format=json","vulnerability_id":"VCID-tbhq-fnaq-gubs","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12437","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42069","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12437"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12437","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12437"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12437","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12437"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/447307?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"}],"aliases":["CVE-2019-12437","GHSA-fx37-56v6-85q6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tbhq-fnaq-gubs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/316750?format=json","vulnerability_id":"VCID-uk5a-ha6p-vkbq","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5715","reference_id":"","reference_type":"","scores":[{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55671","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5715"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/issues/8814","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/issues/8814"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5715","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5715"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-021","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-021"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385956?format=json","purl":"pkg:composer/silverstripe/framework@3.6.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-me4v-9ws9-2ybz"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7"},{"url":"http://public2.vulnerablecode.io/api/packages/385958?format=json","purl":"pkg:composer/silverstripe/framework@3.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/385957?format=json","purl":"pkg:composer/silverstripe/framework@4.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/385959?format=json","purl":"pkg:composer/silverstripe/framework@4.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-4rj3-yt7y-rfcs"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/385960?format=json","purl":"pkg:composer/silverstripe/framework@4.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-4rj3-yt7y-rfcs"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/385961?format=json","purl":"pkg:composer/silverstripe/framework@4.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-4rj3-yt7y-rfcs"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1"}],"aliases":["CVE-2019-5715","GHSA-wvfw-w3x6-g526"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uk5a-ha6p-vkbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210435?format=json","vulnerability_id":"VCID-uyuz-1bws-rkht","summary":"SilverStripe XXE Vulnerability in CSSContentParser","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25817","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57751","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25817"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25817","reference_id":"CVE-2020-25817","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25817"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2021-25817","reference_id":"CVE-2021-25817","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2021-25817"},{"reference_url":"https://github.com/advisories/GHSA-3vjc-5x79-m9r8","reference_id":"GHSA-3vjc-5x79-m9r8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3vjc-5x79-m9r8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/506086?format=json","purl":"pkg:composer/silverstripe/framework@4.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19861?format=json","purl":"pkg:composer/silverstripe/framework@4.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4"}],"aliases":["CVE-2020-25817","GHSA-3vjc-5x79-m9r8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uyuz-1bws-rkht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210935?format=json","vulnerability_id":"VCID-vkxb-qh8t-63f2","summary":"Quadratic blowup in Convert::xml2array()","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41559","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57752","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41559"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41559","reference_id":"CVE-2021-41559","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41559"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2021-41559","reference_id":"CVE-2021-41559","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2021-41559"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml","reference_id":"CVE-2021-41559.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml"},{"reference_url":"https://github.com/advisories/GHSA-9fmg-89fx-r33w","reference_id":"GHSA-9fmg-89fx-r33w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9fmg-89fx-r33w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25120?format=json","purl":"pkg:composer/silverstripe/framework@4.10.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.9"},{"url":"http://public2.vulnerablecode.io/api/packages/574589?format=json","purl":"pkg:composer/silverstripe/framework@4.11.0-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.0-beta1"}],"aliases":["CVE-2021-41559","GHSA-9fmg-89fx-r33w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vkxb-qh8t-63f2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/331953?format=json","vulnerability_id":"VCID-vnbm-fq6d-3uax","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9311","reference_id":"","reference_type":"","scores":[{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5728","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9311"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-cms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-cms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9311","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9311"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-9311","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-9311"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2020-9311","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2020-9311"},{"reference_url":"https://github.com/advisories/GHSA-2pw2-qpcp-m47x","reference_id":"GHSA-2pw2-qpcp-m47x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2pw2-qpcp-m47x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385385?format=json","purl":"pkg:composer/silverstripe/framework@3.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5"}],"aliases":["CVE-2020-9311","GHSA-2pw2-qpcp-m47x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vnbm-fq6d-3uax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361798?format=json","vulnerability_id":"VCID-vtqk-4b3k-vbd6","summary":"Password encryption salt expiry\nWhen a user changes their password, the internal salt used for hashing their password is not updated.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-008/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-008/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31640?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sj-atxu-mfh3"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-47ty-3bfn-1bdz"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8s6r-7den-zbcc"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-fgbz-nak8-r3ba"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-kkpx-3pyp-zkc3"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q3ej-614f-t7fz"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-y4kh-5j74-kbc7"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/409055?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-008"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vtqk-4b3k-vbd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204247?format=json","vulnerability_id":"VCID-vx3f-ny91-1fff","summary":"Lack of access control on upoaded files","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12245","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49109","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12245"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12245","reference_id":"CVE-2019-12245","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12245"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245/","reference_id":"CVE-2019-12245","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12245","reference_id":"CVE-2019-12245","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12245"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml","reference_id":"CVE-2019-12245.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml"},{"reference_url":"https://github.com/advisories/GHSA-jvx5-rm6q-gx7p","reference_id":"GHSA-jvx5-rm6q-gx7p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jvx5-rm6q-gx7p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15763?format=json","purl":"pkg:composer/silverstripe/framework@3.6.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-me4v-9ws9-2ybz"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8"},{"url":"http://public2.vulnerablecode.io/api/packages/15761?format=json","purl":"pkg:composer/silverstripe/framework@3.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/447307?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/15766?format=json","purl":"pkg:composer/silverstripe/framework@4.3.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6"},{"url":"http://public2.vulnerablecode.io/api/packages/15755?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ten7-3cpb-zkcs"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12245","GHSA-jvx5-rm6q-gx7p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vx3f-ny91-1fff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204248?format=json","vulnerability_id":"VCID-wntr-v8fx-3ycx","summary":"SilverStripe Priviledge escalation through cache pollution","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12617","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54069","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12617"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12617","reference_id":"CVE-2019-12617","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12617"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617/","reference_id":"CVE-2019-12617","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12617","reference_id":"CVE-2019-12617","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12617"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml","reference_id":"CVE-2019-12617.YAML","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml"},{"reference_url":"https://github.com/advisories/GHSA-6r58-4xgr-gm6m","reference_id":"GHSA-6r58-4xgr-gm6m","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6r58-4xgr-gm6m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/447307?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/15753?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/15755?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-6eqf-7qyv-zuas"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-ten7-3cpb-zkcs"},{"vulnerability":"VCID-ug8p-6ny6-fkas"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x5m3-hm2b-b3bc"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12617","GHSA-6r58-4xgr-gm6m"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wntr-v8fx-3ycx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211947?format=json","vulnerability_id":"VCID-wuns-qx3r-z7dk","summary":"silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-011-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2016-011-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/2b30ade44d333a4da4d13b31ffa28d0a34597442","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/2b30ade44d333a4da4d13b31ffa28d0a34597442"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/6606d986634f5b5dec16462acaa8d9a513c29fec","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/6606d986634f5b5dec16462acaa8d9a513c29fec"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/6d41db77fa78f473db7bcff389456c980ef4e412","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/6d41db77fa78f473db7bcff389456c980ef4e412"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/782c18fd13b9fb92707d0ea3b231023204928297","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/782c18fd13b9fb92707d0ea3b231023204928297"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-011","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-011"},{"reference_url":"https://github.com/advisories/GHSA-p5h2-vr99-xm99","reference_id":"GHSA-p5h2-vr99-xm99","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p5h2-vr99-xm99"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31640?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16sj-atxu-mfh3"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-47ty-3bfn-1bdz"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8s6r-7den-zbcc"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-fgbz-nak8-r3ba"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-kkpx-3pyp-zkc3"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q3ej-614f-t7fz"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-y4kh-5j74-kbc7"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"}],"aliases":["GHSA-p5h2-vr99-xm99"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wuns-qx3r-z7dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360577?format=json","vulnerability_id":"VCID-wxzb-brfu-pugq","summary":"Reflected Cross Site Scripting (XSS) in error message\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2024-002","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2024-002"},{"reference_url":"https://github.com/advisories/GHSA-74j9-xhqr-6qv3","reference_id":"GHSA-74j9-xhqr-6qv3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-74j9-xhqr-6qv3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377030?format=json","purl":"pkg:composer/silverstripe/framework@5.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-qw2u-5zmm-ckac"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8"}],"aliases":["GHSA-74j9-xhqr-6qv3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wxzb-brfu-pugq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211952?format=json","vulnerability_id":"VCID-x4mn-6wz2-5qdn","summary":"silverstripe/framework member disclosure in login form","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-002-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-002-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/f71efb5063c57d823dd130b9bfd018f6ef903d49","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/f71efb5063c57d823dd130b9bfd018f6ef903d49"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-002","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-002"},{"reference_url":"https://github.com/advisories/GHSA-g84q-cq55-xwgp","reference_id":"GHSA-g84q-cq55-xwgp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g84q-cq55-xwgp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31665?format=json","purl":"pkg:composer/silverstripe/framework@3.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/31667?format=json","purl":"pkg:composer/silverstripe/framework@3.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12ju-ufg2-kkfy"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-5n9u-ktxq-4ffq"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-84zx-d8vf-8khm"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8rc6-pj1w-gydx"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-meba-n1px-8bc1"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.4"}],"aliases":["GHSA-g84q-cq55-xwgp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4mn-6wz2-5qdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361797?format=json","vulnerability_id":"VCID-xsaj-95an-yyeg","summary":"ChangePasswordForm doesn't check Member::canLogIn()\nAfter performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-011/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-011/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388682?format=json","purl":"pkg:composer/silverstripe/framework@3.4.10-stable","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.10-stable"},{"url":"http://public2.vulnerablecode.io/api/packages/409055?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-011"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsaj-95an-yyeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211953?format=json","vulnerability_id":"VCID-y4kh-5j74-kbc7","summary":"silverstripe/framework has Cross-site Scripting vulnerability in page name","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-001-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-001-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/9574d627f95aca7ae0fcefcae2bf56215777e190","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/9574d627f95aca7ae0fcefcae2bf56215777e190"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-001","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-001"},{"reference_url":"https://github.com/advisories/GHSA-hhvj-mcrx-3vcf","reference_id":"GHSA-hhvj-mcrx-3vcf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hhvj-mcrx-3vcf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31668?format=json","purl":"pkg:composer/silverstripe/framework@3.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/31669?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12ju-ufg2-kkfy"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-5n9u-ktxq-4ffq"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-84zx-d8vf-8khm"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8rc6-pj1w-gydx"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-bwmh-5pgt-r3g8"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-meba-n1px-8bc1"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-x4mn-6wz2-5qdn"},{"vulnerability":"VCID-zs7c-hvg3-f3hs"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2"}],"aliases":["GHSA-hhvj-mcrx-3vcf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y4kh-5j74-kbc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211956?format=json","vulnerability_id":"VCID-zs7c-hvg3-f3hs","summary":"silverstripe/framework has Cross-site Scripting vulnerability in page history comparison","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-004-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-004-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/2b72c0f73b668ddf7c059319da915a6c08652278","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/2b72c0f73b668ddf7c059319da915a6c08652278"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-004","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-004"},{"reference_url":"https://github.com/advisories/GHSA-c4c3-j73v-634r","reference_id":"GHSA-c4c3-j73v-634r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c4c3-j73v-634r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31665?format=json","purl":"pkg:composer/silverstripe/framework@3.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/31667?format=json","purl":"pkg:composer/silverstripe/framework@3.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12ju-ufg2-kkfy"},{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-445u-qqe9-gbch"},{"vulnerability":"VCID-5n9u-ktxq-4ffq"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7us5-kn2v-pbc6"},{"vulnerability":"VCID-84zx-d8vf-8khm"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-8rc6-pj1w-gydx"},{"vulnerability":"VCID-9man-5bj8-e7fm"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-hmxb-equc-1bau"},{"vulnerability":"VCID-jbrw-8yw5-u7ay"},{"vulnerability":"VCID-kjha-tu3x-pkae"},{"vulnerability":"VCID-meba-n1px-8bc1"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-q5tn-heja-1uen"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vkxb-qh8t-63f2"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"},{"vulnerability":"VCID-wxzb-brfu-pugq"},{"vulnerability":"VCID-zsfa-jtt7-7fhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.4"}],"aliases":["GHSA-c4c3-j73v-634r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zs7c-hvg3-f3hs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52954?format=json","vulnerability_id":"VCID-zsfa-jtt7-7fhr","summary":"Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could add send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it. The server-side sanitisation logic has been updated to sanitise against this type of attack in version 5.2.16. All users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32981","reference_id":"","reference_type":"","scores":[{"value":"0.0105","scoring_system":"epss","scoring_elements":"0.77956","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32981"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1","reference_id":"b8d20dc9d531550e06fd7da7a0eafa551922e2e1","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2024-32981","reference_id":"cve-2024-32981","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/"}],"url":"https://www.silverstripe.org/download/security-releases/cve-2024-32981"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32981","reference_id":"CVE-2024-32981","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32981"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml","reference_id":"CVE-2024-32981.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml"},{"reference_url":"https://github.com/advisories/GHSA-chx7-9x8h-r5mg","reference_id":"GHSA-chx7-9x8h-r5mg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-chx7-9x8h-r5mg"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg","reference_id":"GHSA-chx7-9x8h-r5mg","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32674?format=json","purl":"pkg:composer/silverstripe/framework@5.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-436b-s848-ske3"},{"vulnerability":"VCID-533n-8rjm-k7ct"},{"vulnerability":"VCID-mwy1-dxrm-5qes"},{"vulnerability":"VCID-qw2u-5zmm-ckac"},{"vulnerability":"VCID-su5y-y12y-y3b9"},{"vulnerability":"VCID-wxzb-brfu-pugq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16"}],"aliases":["CVE-2024-32981","GHSA-chx7-9x8h-r5mg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zsfa-jtt7-7fhr"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.0-rc1"}