| 0 |
| url |
VCID-1e21-x465-abgz |
| vulnerability_id |
VCID-1e21-x465-abgz |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-55up-67gu-n7hk |
|
| 4 |
| vulnerability |
VCID-5n9u-ktxq-4ffq |
|
| 5 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 6 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 7 |
| vulnerability |
VCID-6yfj-bqk6-tbbm |
|
| 8 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 9 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 10 |
| vulnerability |
VCID-8j7g-u2z1-1ycb |
|
| 11 |
| vulnerability |
VCID-8rc6-pj1w-gydx |
|
| 12 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 13 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 14 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 15 |
| vulnerability |
VCID-cma7-m5y5-juhw |
|
| 16 |
| vulnerability |
VCID-ed23-mdzp-zqcs |
|
| 17 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 18 |
| vulnerability |
VCID-frp8-zzqn-27ej |
|
| 19 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 20 |
| vulnerability |
VCID-gjrp-er99-rbed |
|
| 21 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 22 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 23 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 24 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 25 |
| vulnerability |
VCID-meba-n1px-8bc1 |
|
| 26 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 27 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 28 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 29 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 30 |
| vulnerability |
VCID-sdny-sn1z-z7c4 |
|
| 31 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 32 |
| vulnerability |
VCID-tbhq-fnaq-gubs |
|
| 33 |
| vulnerability |
VCID-tcrk-kjpn-zkd9 |
|
| 34 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 35 |
| vulnerability |
VCID-uk5a-ha6p-vkbq |
|
| 36 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 37 |
| vulnerability |
VCID-v8cg-45wc-vqe2 |
|
| 38 |
| vulnerability |
VCID-vaw1-v4hd-3qe1 |
|
| 39 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 40 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 41 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 42 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 43 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 44 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 20 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 21 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 22 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 23 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 24 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ten7-3cpb-zkcs |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-14272, GHSA-jgw2-f5mx-rg7h
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1e21-x465-abgz |
|
| 1 |
| url |
VCID-3ftm-1ytk-77ee |
| vulnerability_id |
VCID-3ftm-1ytk-77ee |
| summary |
Broken access control on files |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| purl |
pkg:composer/silverstripe/framework@4.0.1-rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-55up-67gu-n7hk |
|
| 4 |
| vulnerability |
VCID-5n9u-ktxq-4ffq |
|
| 5 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 6 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 7 |
| vulnerability |
VCID-6yfj-bqk6-tbbm |
|
| 8 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 9 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 10 |
| vulnerability |
VCID-8j7g-u2z1-1ycb |
|
| 11 |
| vulnerability |
VCID-8rc6-pj1w-gydx |
|
| 12 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 13 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 14 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 15 |
| vulnerability |
VCID-cma7-m5y5-juhw |
|
| 16 |
| vulnerability |
VCID-ed23-mdzp-zqcs |
|
| 17 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 18 |
| vulnerability |
VCID-frp8-zzqn-27ej |
|
| 19 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 20 |
| vulnerability |
VCID-gjrp-er99-rbed |
|
| 21 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 22 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 23 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 24 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 25 |
| vulnerability |
VCID-meba-n1px-8bc1 |
|
| 26 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 27 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 28 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 29 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 30 |
| vulnerability |
VCID-sdny-sn1z-z7c4 |
|
| 31 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 32 |
| vulnerability |
VCID-tbhq-fnaq-gubs |
|
| 33 |
| vulnerability |
VCID-tcrk-kjpn-zkd9 |
|
| 34 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 35 |
| vulnerability |
VCID-uk5a-ha6p-vkbq |
|
| 36 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 37 |
| vulnerability |
VCID-v8cg-45wc-vqe2 |
|
| 38 |
| vulnerability |
VCID-vaw1-v4hd-3qe1 |
|
| 39 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 40 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 41 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 42 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 43 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 44 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 20 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 21 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 22 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 23 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 24 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ten7-3cpb-zkcs |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-14273, GHSA-43jj-2rwc-2m3f
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3ftm-1ytk-77ee |
|
| 2 |
| url |
VCID-436b-s848-ske3 |
| vulnerability_id |
VCID-436b-s848-ske3 |
| summary |
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-53277, GHSA-ff6q-3c9c-6cf5
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-436b-s848-ske3 |
|
| 3 |
| url |
VCID-445u-qqe9-gbch |
| vulnerability_id |
VCID-445u-qqe9-gbch |
| summary |
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-22728, GHSA-jh3w-6jp2-vqqm
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-445u-qqe9-gbch |
|
| 4 |
|
| 5 |
| url |
VCID-7us5-kn2v-pbc6 |
| vulnerability_id |
VCID-7us5-kn2v-pbc6 |
| summary |
Silverstripe Framework: Members with no password can be created and bypass custom login forms
When a new `Member` record was created in the CMS it was possible to set a blank password. If an attacker knows the email address of the user with the blank password then they can attempt to log in using an empty password. The default member authenticator, login form and basic auth all require a non-empty password, however if a custom authentication method is used it may allow a successful login with the empty password.
Starting with this release, blank passwords are no longer allowed when members are created in the CMS. Programmatically created `Member` records, such as those used in unit tests, still allow blank passwords.
You may have some `Member` records in your system already which have empty passwords. To detect these, you can loop over all `Member` records with `Member::get()` and pass each record into the below method. It might be sensible to create a [`BuildTask`](https://api.silverstripe.org/5/SilverStripe/Dev/BuildTask.html) for this purpose.
```php
// Imports needed at the top of the file that contains this method
use SilverStripe\Security\Member;
use SilverStripe\Security\MemberAuthenticator\MemberAuthenticator;

private function memberHasBlankPassword(Member $member): bool
{
    // skip default admin as this is created programmatically
    if ($member->isDefaultAdmin()) {
        return false;
    }
    // return true if a blank password is valid for this member
    $authenticator = new MemberAuthenticator();
    return $authenticator->checkPassword($member, '')->isValid();
}
```
Once you have identified the records with empty passwords, it's up to you how to handle this. The most sensible way to resolve this is probably to generate a new secure password for each of these members, mark it as immediately expired, and email each affected member (assuming they have a valid email address in the system).
Users would need to opt-in to insecure behavior by using a configuration which allowed for empty passwords. These configurations are not expected and hence this advisory is primarily informational in nature.
Reported by: [Sabina Talipova](https://www.silverstripe.com/about-us/team/?member=sabina-talipova) from Silverstripe and [Christian Bünte](https://github.com/bimthebam) |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-32302, GHSA-36xx-7vf6-7mv3
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7us5-kn2v-pbc6 |
|
| 6 |
| url |
VCID-8j7g-u2z1-1ycb |
| vulnerability_id |
VCID-8j7g-u2z1-1ycb |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 6 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 7 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 8 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 9 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 10 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 11 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 12 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 13 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 14 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 15 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 16 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 17 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 18 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 19 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 20 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 21 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 22 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 23 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 24 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ten7-3cpb-zkcs |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12205, GHSA-rfvw-5848-gxc5
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8j7g-u2z1-1ycb |
|
| 7 |
| url |
VCID-9man-5bj8-e7fm |
| vulnerability_id |
VCID-9man-5bj8-e7fm |
| summary |
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-22729, GHSA-fw84-xgm8-9jmv
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9man-5bj8-e7fm |
|
| 8 |
| url |
VCID-cma7-m5y5-juhw |
| vulnerability_id |
VCID-cma7-m5y5-juhw |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 6 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 7 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 8 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 9 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 10 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 11 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 12 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 13 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 14 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 15 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 16 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 17 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 18 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 19 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.4.0 |
| purl |
pkg:composer/silverstripe/framework@4.4.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3ftm-1ytk-77ee |
|
| 1 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 2 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 3 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 4 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 5 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 6 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 7 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 8 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 9 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 10 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 11 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 12 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 13 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 14 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 15 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 16 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 17 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 18 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 19 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 20 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 21 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 22 |
| vulnerability |
VCID-ten7-3cpb-zkcs |
|
| 23 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 24 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 25 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 26 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 27 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 28 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 29 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 30 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0 |
|
|
| aliases |
CVE-2019-12246, GHSA-5fr8-xhqq-4p3q
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cma7-m5y5-juhw |
|
| 9 |
|
| 10 |
| url |
VCID-g6a1-jazp-mufn |
| vulnerability_id |
VCID-g6a1-jazp-mufn |
| summary |
Session fixation in change password form |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.6.8 |
| purl |
pkg:composer/silverstripe/framework@3.6.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1e21-x465-abgz |
|
| 1 |
| vulnerability |
VCID-3ftm-1ytk-77ee |
|
| 2 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 3 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-8j7g-u2z1-1ycb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-cma7-m5y5-juhw |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 11 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 12 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 13 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 14 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 15 |
| vulnerability |
VCID-me4v-9ws9-2ybz |
|
| 16 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 17 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 18 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 19 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 20 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 21 |
| vulnerability |
VCID-tbhq-fnaq-gubs |
|
| 22 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 23 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 24 |
| vulnerability |
VCID-vnbm-fq6d-3uax |
|
| 25 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 26 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 27 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 28 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.7.4 |
| purl |
pkg:composer/silverstripe/framework@3.7.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1e21-x465-abgz |
|
| 1 |
| vulnerability |
VCID-3ftm-1ytk-77ee |
|
| 2 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 3 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-8j7g-u2z1-1ycb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-cma7-m5y5-juhw |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 11 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 12 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 13 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 14 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 15 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 16 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 17 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 18 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 19 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 20 |
| vulnerability |
VCID-tbhq-fnaq-gubs |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-vnbm-fq6d-3uax |
|
| 24 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 25 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 26 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 27 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 6 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 7 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 8 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 9 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 10 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 11 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 12 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 13 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 14 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 15 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 16 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 17 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 18 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 19 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 20 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 21 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 22 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 23 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 24 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ten7-3cpb-zkcs |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12203, GHSA-w7r7-r8r9-vrg2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g6a1-jazp-mufn |
|
| 11 |
|
| 12 |
| url |
VCID-hmxb-equc-1bau |
| vulnerability_id |
VCID-hmxb-equc-1bau |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.7.5 |
| purl |
pkg:composer/silverstripe/framework@3.7.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 3 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 4 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 5 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 6 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 7 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 8 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 9 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 10 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 11 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 12 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 13 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 14 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 15 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 16 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 17 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.4.7 |
| purl |
pkg:composer/silverstripe/framework@4.4.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 9 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 10 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 11 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 12 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 13 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 14 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 15 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 16 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 17 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 18 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 19 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 20 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 21 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 22 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.5.4 |
| purl |
pkg:composer/silverstripe/framework@4.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 7 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 8 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 9 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 10 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 11 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 12 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 13 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 14 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 15 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 16 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 17 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 18 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 19 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 20 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 21 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4 |
|
|
| aliases |
CVE-2019-19326, GHSA-q9ff-3q93-fm8m
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hmxb-equc-1bau |
|
| 13 |
| url |
VCID-jbrw-8yw5-u7ay |
| vulnerability_id |
VCID-jbrw-8yw5-u7ay |
| summary |
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-48714, GHSA-qm2j-qvq3-j29v
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jbrw-8yw5-u7ay |
|
| 14 |
|
| 15 |
| url |
VCID-me4v-9ws9-2ybz |
| vulnerability_id |
VCID-me4v-9ws9-2ybz |
| summary |
silverstripe/framework sends passwords back to browsers under some circumstances |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.7.0 |
| purl |
pkg:composer/silverstripe/framework@3.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1e21-x465-abgz |
|
| 1 |
| vulnerability |
VCID-3ftm-1ytk-77ee |
|
| 2 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 3 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 4 |
| vulnerability |
VCID-55up-67gu-n7hk |
|
| 5 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 6 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 7 |
| vulnerability |
VCID-8j7g-u2z1-1ycb |
|
| 8 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 9 |
| vulnerability |
VCID-cma7-m5y5-juhw |
|
| 10 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 11 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 12 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 13 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 14 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 15 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 16 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 17 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 18 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 19 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 20 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 21 |
| vulnerability |
VCID-tbhq-fnaq-gubs |
|
| 22 |
| vulnerability |
VCID-uk5a-ha6p-vkbq |
|
| 23 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 24 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 25 |
| vulnerability |
VCID-vnbm-fq6d-3uax |
|
| 26 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 27 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 28 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 29 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.0 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.0.4 |
| purl |
pkg:composer/silverstripe/framework@4.0.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-55up-67gu-n7hk |
|
| 4 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 5 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 6 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 7 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 8 |
| vulnerability |
VCID-8j7g-u2z1-1ycb |
|
| 9 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 10 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 11 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 12 |
| vulnerability |
VCID-cma7-m5y5-juhw |
|
| 13 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 14 |
| vulnerability |
VCID-frp8-zzqn-27ej |
|
| 15 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 16 |
| vulnerability |
VCID-gjrp-er99-rbed |
|
| 17 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 18 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 19 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 20 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 21 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 22 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 23 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 24 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 25 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 26 |
| vulnerability |
VCID-tbhq-fnaq-gubs |
|
| 27 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 28 |
| vulnerability |
VCID-uk5a-ha6p-vkbq |
|
| 29 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 30 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 31 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 32 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 33 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 34 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 35 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.4 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.1.1 |
| purl |
pkg:composer/silverstripe/framework@4.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-4rj3-yt7y-rfcs |
|
| 3 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 4 |
| vulnerability |
VCID-55up-67gu-n7hk |
|
| 5 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 6 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 7 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 8 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 9 |
| vulnerability |
VCID-8j7g-u2z1-1ycb |
|
| 10 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 11 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 12 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 13 |
| vulnerability |
VCID-cma7-m5y5-juhw |
|
| 14 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 15 |
| vulnerability |
VCID-frp8-zzqn-27ej |
|
| 16 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 17 |
| vulnerability |
VCID-gjrp-er99-rbed |
|
| 18 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 19 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 20 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 21 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 22 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 23 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 24 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 25 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 26 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 27 |
| vulnerability |
VCID-tbhq-fnaq-gubs |
|
| 28 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 29 |
| vulnerability |
VCID-uk5a-ha6p-vkbq |
|
| 30 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 31 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 32 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 33 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 34 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 35 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 36 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.1 |
|
|
| aliases |
GHSA-vh7q-j8p5-2h4h
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-me4v-9ws9-2ybz |
|
| 16 |
| url |
VCID-mwy1-dxrm-5qes |
| vulnerability_id |
VCID-mwy1-dxrm-5qes |
| summary |
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message
> [!IMPORTANT]
> This vulnerability only affects sites which are in the "dev" environment mode. If your production website is in "dev" mode, it has been misconfigured, and you should immediately swap it to "live" mode.
> See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.
If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.
## References
- https://www.silverstripe.org/download/security-releases/ss-2024-002
## Reported by
Gaurav Nayak from [Chaleit](https://chaleit.com/) |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-mqf3-qpc3-g26q
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mwy1-dxrm-5qes |
|
| 17 |
|
| 18 |
| url |
VCID-qw2u-5zmm-ckac |
| vulnerability_id |
VCID-qw2u-5zmm-ckac |
| summary |
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, a bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitized on the client-side, but server-side sanitization doesn't catch it. The server-side sanitization logic has been updated to sanitize against this attack. This vulnerability is fixed in 5.3.23. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-30148, GHSA-rhx4-hvx9-j387
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qw2u-5zmm-ckac |
|
| 19 |
| url |
VCID-rh6g-dz5w-h7a4 |
| vulnerability_id |
VCID-rh6g-dz5w-h7a4 |
| summary |
FormField with square brackets in field name skips validation |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.6.0 |
| purl |
pkg:composer/silverstripe/framework@4.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 5 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 6 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 7 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 8 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 9 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 10 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 11 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 12 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 13 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 14 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 15 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 16 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 17 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 18 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.7.4 |
| purl |
pkg:composer/silverstripe/framework@4.7.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 5 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 6 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 7 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 8 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 9 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 10 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 11 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 12 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 13 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 14 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 15 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 16 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 17 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 18 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4 |
|
|
| aliases |
CVE-2020-26138, GHSA-7mv4-4xpg-xq44
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rh6g-dz5w-h7a4 |
|
| 20 |
| url |
VCID-su5y-y12y-y3b9 |
| vulnerability_id |
VCID-su5y-y12y-y3b9 |
| summary |
silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-47605, GHSA-7cmp-cgg8-4c82
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-su5y-y12y-y3b9 |
|
| 21 |
| url |
VCID-tbhq-fnaq-gubs |
| vulnerability_id |
VCID-tbhq-fnaq-gubs |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 6 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 7 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 8 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 9 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 10 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 11 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 12 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 13 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 14 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 15 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 16 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 17 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 18 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 19 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
|
| aliases |
CVE-2019-12437, GHSA-fx37-56v6-85q6
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tbhq-fnaq-gubs |
|
| 22 |
| url |
VCID-uk5a-ha6p-vkbq |
| vulnerability_id |
VCID-uk5a-ha6p-vkbq |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.6.7 |
| purl |
pkg:composer/silverstripe/framework@3.6.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1e21-x465-abgz |
|
| 1 |
| vulnerability |
VCID-3ftm-1ytk-77ee |
|
| 2 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 3 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-8j7g-u2z1-1ycb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-cma7-m5y5-juhw |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 11 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 12 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 13 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 14 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 15 |
| vulnerability |
VCID-me4v-9ws9-2ybz |
|
| 16 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 17 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 18 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 19 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 20 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 21 |
| vulnerability |
VCID-tbhq-fnaq-gubs |
|
| 22 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 23 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 24 |
| vulnerability |
VCID-vnbm-fq6d-3uax |
|
| 25 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 26 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 27 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 28 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.7.3 |
| purl |
pkg:composer/silverstripe/framework@3.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1e21-x465-abgz |
|
| 1 |
| vulnerability |
VCID-3ftm-1ytk-77ee |
|
| 2 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 3 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-8j7g-u2z1-1ycb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-cma7-m5y5-juhw |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 11 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 12 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 13 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 14 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 15 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 16 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 17 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 18 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 19 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 20 |
| vulnerability |
VCID-tbhq-fnaq-gubs |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-vnbm-fq6d-3uax |
|
| 24 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 25 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 26 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 27 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.0.7 |
| purl |
pkg:composer/silverstripe/framework@4.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 6 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 7 |
| vulnerability |
VCID-8j7g-u2z1-1ycb |
|
| 8 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 9 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 10 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 11 |
| vulnerability |
VCID-cma7-m5y5-juhw |
|
| 12 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 13 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 14 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 15 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 16 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 17 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 18 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 19 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 20 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 21 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 22 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 23 |
| vulnerability |
VCID-tbhq-fnaq-gubs |
|
| 24 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 25 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 26 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 27 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 28 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 29 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 30 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 31 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7 |
|
| 3 |
| url |
pkg:composer/silverstripe/framework@4.1.5 |
| purl |
pkg:composer/silverstripe/framework@4.1.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-4rj3-yt7y-rfcs |
|
| 3 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 4 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 5 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 6 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 7 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 8 |
| vulnerability |
VCID-8j7g-u2z1-1ycb |
|
| 9 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 10 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 11 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 12 |
| vulnerability |
VCID-cma7-m5y5-juhw |
|
| 13 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 14 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 15 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 16 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 17 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 18 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 19 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 20 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 21 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 22 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 23 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 24 |
| vulnerability |
VCID-tbhq-fnaq-gubs |
|
| 25 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 26 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 27 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 28 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 29 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 30 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 31 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 32 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.2.4 |
| purl |
pkg:composer/silverstripe/framework@4.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-4rj3-yt7y-rfcs |
|
| 3 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 4 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 5 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 6 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 7 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 8 |
| vulnerability |
VCID-8j7g-u2z1-1ycb |
|
| 9 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 10 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 11 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 12 |
| vulnerability |
VCID-cma7-m5y5-juhw |
|
| 13 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 14 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 15 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 16 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 17 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 18 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 19 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 20 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 21 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 22 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 23 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 24 |
| vulnerability |
VCID-tbhq-fnaq-gubs |
|
| 25 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 26 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 27 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 28 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 29 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 30 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 31 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 32 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4 |
|
| 5 |
| url |
pkg:composer/silverstripe/framework@4.3.1 |
| purl |
pkg:composer/silverstripe/framework@4.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-4rj3-yt7y-rfcs |
|
| 3 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 4 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 5 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 6 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 7 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 8 |
| vulnerability |
VCID-8j7g-u2z1-1ycb |
|
| 9 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 10 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 11 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 12 |
| vulnerability |
VCID-cma7-m5y5-juhw |
|
| 13 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 14 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 15 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 16 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 17 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 18 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 19 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 20 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 21 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 22 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 23 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 24 |
| vulnerability |
VCID-tbhq-fnaq-gubs |
|
| 25 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 26 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 27 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 28 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 29 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 30 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 31 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 32 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1 |
|
|
| aliases |
CVE-2019-5715, GHSA-wvfw-w3x6-g526
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uk5a-ha6p-vkbq |
|
| 23 |
| url |
VCID-uyuz-1bws-rkht |
| vulnerability_id |
VCID-uyuz-1bws-rkht |
| summary |
SilverStripe XXE Vulnerability in CSSContentParser |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.6.0 |
| purl |
pkg:composer/silverstripe/framework@4.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 5 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 6 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 7 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 8 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 9 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 10 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 11 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 12 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 13 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 14 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 15 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 16 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 17 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 18 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.7.4 |
| purl |
pkg:composer/silverstripe/framework@4.7.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 5 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 6 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 7 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 8 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 9 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 10 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 11 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 12 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 13 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 14 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 15 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 16 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 17 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 18 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4 |
|
|
| aliases |
CVE-2020-25817, GHSA-3vjc-5x79-m9r8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uyuz-1bws-rkht |
|
| 24 |
|
| 25 |
|
| 26 |
| url |
VCID-vx3f-ny91-1fff |
| vulnerability_id |
VCID-vx3f-ny91-1fff |
| summary |
Lack of access control on uploaded files |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@3.6.8 |
| purl |
pkg:composer/silverstripe/framework@3.6.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1e21-x465-abgz |
|
| 1 |
| vulnerability |
VCID-3ftm-1ytk-77ee |
|
| 2 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 3 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-8j7g-u2z1-1ycb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-cma7-m5y5-juhw |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 11 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 12 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 13 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 14 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 15 |
| vulnerability |
VCID-me4v-9ws9-2ybz |
|
| 16 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 17 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 18 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 19 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 20 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 21 |
| vulnerability |
VCID-tbhq-fnaq-gubs |
|
| 22 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 23 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 24 |
| vulnerability |
VCID-vnbm-fq6d-3uax |
|
| 25 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 26 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 27 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 28 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@3.7.4 |
| purl |
pkg:composer/silverstripe/framework@3.7.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1e21-x465-abgz |
|
| 1 |
| vulnerability |
VCID-3ftm-1ytk-77ee |
|
| 2 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 3 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-8j7g-u2z1-1ycb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-cma7-m5y5-juhw |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 11 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 12 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 13 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 14 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 15 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 16 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 17 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 18 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 19 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 20 |
| vulnerability |
VCID-tbhq-fnaq-gubs |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-vnbm-fq6d-3uax |
|
| 24 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 25 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 26 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 27 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 6 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 7 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 8 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 9 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 10 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 11 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 12 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 13 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 14 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 15 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 16 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 17 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 18 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 19 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 3 |
|
| 4 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ten7-3cpb-zkcs |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12245, GHSA-jvx5-rm6q-gx7p
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vx3f-ny91-1fff |
|
| 27 |
| url |
VCID-wntr-v8fx-3ycx |
| vulnerability_id |
VCID-wntr-v8fx-3ycx |
| summary |
SilverStripe Privilege escalation through cache pollution |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 6 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 7 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 8 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 9 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 10 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 11 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 12 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 13 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 14 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 15 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 16 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 17 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 18 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 19 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 20 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 21 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 22 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 23 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 24 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ten7-3cpb-zkcs |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12617, GHSA-6r58-4xgr-gm6m
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wntr-v8fx-3ycx |
|
| 28 |
| url |
VCID-wxzb-brfu-pugq |
| vulnerability_id |
VCID-wxzb-brfu-pugq |
| summary |
Reflected Cross Site Scripting (XSS) in error message
If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message. |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-74j9-xhqr-6qv3
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wxzb-brfu-pugq |
|
| 29 |
| url |
VCID-zsfa-jtt7-7fhr |
| vulnerability_id |
VCID-zsfa-jtt7-7fhr |
| summary |
Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it. The server-side sanitisation logic has been updated to sanitise against this type of attack in version 5.2.16. All users are advised to upgrade. There are no known workarounds for this vulnerability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-32981, GHSA-chx7-9x8h-r5mg
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zsfa-jtt7-7fhr |
|