| 0 |
| url |
VCID-436b-s848-ske3 |
| vulnerability_id |
VCID-436b-s848-ske3 |
| summary |
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-53277, GHSA-ff6q-3c9c-6cf5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-436b-s848-ske3 |
|
| 1 |
| url |
VCID-445u-qqe9-gbch |
| vulnerability_id |
VCID-445u-qqe9-gbch |
| summary |
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects, potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-22728, GHSA-jh3w-6jp2-vqqm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-445u-qqe9-gbch |
|
| 2 |
| url |
VCID-4rj3-yt7y-rfcs |
| vulnerability_id |
VCID-4rj3-yt7y-rfcs |
| summary |
Missing warning can lead to unauthenticated admin access in SilverStripe |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 6 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 7 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 8 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 9 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 10 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 11 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 12 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 13 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 14 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 15 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 16 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 17 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 18 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 19 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 20 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 21 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 22 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 23 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 24 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
|
| aliases |
CVE-2019-12204, GHSA-cg8j-8w52-735v
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4rj3-yt7y-rfcs |
|
| 3 |
| url |
VCID-533n-8rjm-k7ct |
| vulnerability_id |
VCID-533n-8rjm-k7ct |
| summary |
Silverstripe Framework user enumeration via timing attack on login and password reset forms
### Impact
User enumeration is possible by performing a timing attack on the login or password reset pages with user credentials.
This was originally disclosed in https://www.silverstripe.org/download/security-releases/ss-2017-005/ for CMS 3 but was not patched in CMS 4+.
### References
- https://www.silverstripe.org/download/security-releases/ss-2017-005
- https://www.silverstripe.org/download/security-releases/ss-2025-001 |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-256q-hx8w-xcqx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-533n-8rjm-k7ct |
|
| 4 |
| url |
VCID-6eqf-7qyv-zuas |
| vulnerability_id |
VCID-6eqf-7qyv-zuas |
| summary |
Silverstripe silverstripe/framework through 4.11 allows SQL Injection. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://www.silverstripe.org/blog/tag/release |
| reference_id |
release |
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:26:27Z/ |
|
|
| url |
https://www.silverstripe.org/blog/tag/release |
|
| 7 |
| reference_url |
https://forum.silverstripe.org/c/releases |
| reference_id |
releases |
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T15:26:27Z/ |
|
|
| url |
https://forum.silverstripe.org/c/releases |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-38148, GHSA-rr8h-f97q-8p9c
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6eqf-7qyv-zuas |
|
| 5 |
|
| 6 |
| url |
VCID-7rsm-671q-n3cx |
| vulnerability_id |
VCID-7rsm-671q-n3cx |
| summary |
SilverStripe Versioned Files module Unpublished files are exposed publicly |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 20 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 21 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 22 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 23 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 24 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ten7-3cpb-zkcs |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-16409, GHSA-xm6j-x342-gwq9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7rsm-671q-n3cx |
|
| 7 |
| url |
VCID-7us5-kn2v-pbc6 |
| vulnerability_id |
VCID-7us5-kn2v-pbc6 |
| summary |
Silverstripe Framework: Members with no password can be created and bypass custom login forms
When a new `Member` record was created in the CMS it was possible to set a blank password. If an attacker knows the email address of the user with the blank password then they can attempt to log in using an empty password. The default member authenticator, login form and basic auth all require a non-empty password, however if a custom authentication method is used it may allow a successful login with the empty password. Starting with this release, blank passwords are no longer allowed when members are created in the CMS. Programmatically created `Member` records, such as those used in unit tests, still allow blank passwords. You may have some `Member` records in your system already which have empty passwords. To detect these, you can loop over all `Member` records with `Member::get()` and pass each record into the below method. It might be sensible to create a [`BuildTask`](https://api.silverstripe.org/5/SilverStripe/Dev/BuildTask.html) for this purpose.
```php
// Requires at the top of the file:
//   use SilverStripe\Security\Member;
//   use SilverStripe\Security\MemberAuthenticator\MemberAuthenticator;
private function memberHasBlankPassword(Member $member): bool
{
    // skip default admin as this is created programmatically
    if ($member->isDefaultAdmin()) {
        return false;
    }
    // return true if a blank password is valid for this member
    $authenticator = new MemberAuthenticator();
    return $authenticator->checkPassword($member, '')->isValid();
}
```
Once you have identified the records with empty passwords, it's up to you how to handle this. The most sensible way to resolve this is probably to generate a new secure password for each of these members, mark it as immediately expired, and email each affected member (assuming they have a valid email address in the system).
Users would need to opt-in to insecure behavior by using a configuration which allowed for empty passwords. These configurations are not expected and hence this advisory is primarily informational in nature.
Reported by: [Sabina Talipova](https://www.silverstripe.com/about-us/team/?member=sabina-talipova) from Silverstripe and [Christian Bünte](https://github.com/bimthebam) |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-32302, GHSA-36xx-7vf6-7mv3
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7us5-kn2v-pbc6 |
|
| 8 |
| url |
VCID-8j7g-u2z1-1ycb |
| vulnerability_id |
VCID-8j7g-u2z1-1ycb |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 6 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 7 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 8 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 9 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 10 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 11 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 12 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 13 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 14 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 15 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 16 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 17 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 18 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 19 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 20 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 21 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 22 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 23 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 24 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ten7-3cpb-zkcs |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12205, GHSA-rfvw-5848-gxc5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8j7g-u2z1-1ycb |
|
| 9 |
| url |
VCID-91ry-vq9d-pbgb |
| vulnerability_id |
VCID-91ry-vq9d-pbgb |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.4.7 |
| purl |
pkg:composer/silverstripe/framework@4.4.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 9 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 10 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 11 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 12 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 13 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 14 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 15 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 16 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 17 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 18 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 19 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 20 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 21 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 22 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.5.0-alpha1 |
| purl |
pkg:composer/silverstripe/framework@4.5.0-alpha1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 7 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 8 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 9 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 10 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 11 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 12 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 13 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 14 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 15 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 16 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 17 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 18 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 19 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 20 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 21 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 22 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.0-alpha1 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.5.4 |
| purl |
pkg:composer/silverstripe/framework@4.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 7 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 8 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 9 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 10 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 11 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 12 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 13 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 14 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 15 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 16 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 17 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 18 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 19 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 20 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 21 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4 |
|
|
| aliases |
CVE-2020-6164, GHSA-gm5x-hpmw-xpxg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-91ry-vq9d-pbgb |
|
| 10 |
| url |
VCID-9man-5bj8-e7fm |
| vulnerability_id |
VCID-9man-5bj8-e7fm |
| summary |
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-22729, GHSA-fw84-xgm8-9jmv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9man-5bj8-e7fm |
|
| 11 |
| url |
VCID-9szg-7pyu-kqdx |
| vulnerability_id |
VCID-9szg-7pyu-kqdx |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.4.6 |
| purl |
pkg:composer/silverstripe/framework@4.4.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 20 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 21 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 22 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 23 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 24 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.6 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.5.1 |
| purl |
pkg:composer/silverstripe/framework@4.5.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 9 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 10 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 11 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 12 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 13 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 14 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 15 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 16 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 17 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 18 |
| vulnerability |
VCID-ten7-3cpb-zkcs |
|
| 19 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 20 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 21 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 22 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 23 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 24 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.1 |
|
|
| aliases |
CVE-2020-9280, GHSA-592m-4533-rxq9
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9szg-7pyu-kqdx |
|
| 12 |
| url |
VCID-cma7-m5y5-juhw |
| vulnerability_id |
VCID-cma7-m5y5-juhw |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 6 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 7 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 8 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 9 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 10 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 11 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 12 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 13 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 14 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 15 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 16 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 17 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 18 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 19 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.4.0 |
| purl |
pkg:composer/silverstripe/framework@4.4.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3ftm-1ytk-77ee |
|
| 1 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 2 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 3 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 4 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 5 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 6 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 7 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 8 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 9 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 10 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 11 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 12 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 13 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 14 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 15 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 16 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 17 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 18 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 19 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 20 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 21 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 22 |
| vulnerability |
VCID-ten7-3cpb-zkcs |
|
| 23 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 24 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 25 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 26 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 27 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 28 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 29 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 30 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0 |
|
|
| aliases |
CVE-2019-12246, GHSA-5fr8-xhqq-4p3q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cma7-m5y5-juhw |
|
| 13 |
|
| 14 |
| url |
VCID-g6a1-jazp-mufn |
| vulnerability_id |
VCID-g6a1-jazp-mufn |
| summary |
Session fixation in change password form |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 6 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 7 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 8 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 9 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 10 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 11 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 12 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 13 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 14 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 15 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 16 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 17 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 18 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 19 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 20 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 21 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 22 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 23 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 24 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ten7-3cpb-zkcs |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12203, GHSA-w7r7-r8r9-vrg2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g6a1-jazp-mufn |
|
| 15 |
|
| 16 |
| url |
VCID-hmxb-equc-1bau |
| vulnerability_id |
VCID-hmxb-equc-1bau |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.4.7 |
| purl |
pkg:composer/silverstripe/framework@4.4.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 9 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 10 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 11 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 12 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 13 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 14 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 15 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 16 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 17 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 18 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 19 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 20 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 21 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 22 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.5.4 |
| purl |
pkg:composer/silverstripe/framework@4.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 7 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 8 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 9 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 10 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 11 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 12 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 13 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 14 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 15 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 16 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 17 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 18 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 19 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 20 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 21 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4 |
|
|
| aliases |
CVE-2019-19326, GHSA-q9ff-3q93-fm8m
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hmxb-equc-1bau |
|
| 17 |
| url |
VCID-jbrw-8yw5-u7ay |
| vulnerability_id |
VCID-jbrw-8yw5-u7ay |
| summary |
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-48714, GHSA-qm2j-qvq3-j29v
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jbrw-8yw5-u7ay |
|
| 18 |
|
| 19 |
| url |
VCID-mwy1-dxrm-5qes |
| vulnerability_id |
VCID-mwy1-dxrm-5qes |
| summary |
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message
> [!IMPORTANT]
> This vulnerability only affects sites which are in the "dev" environment mode. If your production website is in "dev" mode, it has been misconfigured, and you should immediately swap it to "live" mode.
> See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.
If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.
## References
- https://www.silverstripe.org/download/security-releases/ss-2024-002
## Reported by
Gaurav Nayak from [Chaleit](https://chaleit.com/) |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-mqf3-qpc3-g26q
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mwy1-dxrm-5qes |
|
| 20 |
|
| 21 |
| url |
VCID-qw2u-5zmm-ckac |
| vulnerability_id |
VCID-qw2u-5zmm-ckac |
| summary |
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, a bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitized on the client-side, but server-side sanitization doesn't catch it. The server-side sanitization logic has been updated to sanitize against this attack. This vulnerability is fixed in 5.3.23. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-30148, GHSA-rhx4-hvx9-j387
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qw2u-5zmm-ckac |
|
| 22 |
| url |
VCID-rh6g-dz5w-h7a4 |
| vulnerability_id |
VCID-rh6g-dz5w-h7a4 |
| summary |
FormField with square brackets in field name skips validation |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.6.0 |
| purl |
pkg:composer/silverstripe/framework@4.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 5 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 6 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 7 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 8 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 9 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 10 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 11 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 12 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 13 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 14 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 15 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 16 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 17 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 18 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.7.4 |
| purl |
pkg:composer/silverstripe/framework@4.7.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 5 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 6 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 7 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 8 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 9 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 10 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 11 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 12 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 13 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 14 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 15 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 16 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 17 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 18 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4 |
|
|
| aliases |
CVE-2020-26138, GHSA-7mv4-4xpg-xq44
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rh6g-dz5w-h7a4 |
|
| 23 |
| url |
VCID-su5y-y12y-y3b9 |
| vulnerability_id |
VCID-su5y-y12y-y3b9 |
| summary |
silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-47605, GHSA-7cmp-cgg8-4c82
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-su5y-y12y-y3b9 |
|
| 24 |
| url |
VCID-tbhq-fnaq-gubs |
| vulnerability_id |
VCID-tbhq-fnaq-gubs |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 6 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 7 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 8 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 9 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 10 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 11 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 12 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 13 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 14 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 15 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 16 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 17 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 18 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 19 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
|
| aliases |
CVE-2019-12437, GHSA-fx37-56v6-85q6
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tbhq-fnaq-gubs |
|
| 25 |
|
| 26 |
| url |
VCID-uk5a-ha6p-vkbq |
| vulnerability_id |
VCID-uk5a-ha6p-vkbq |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.1.5 |
| purl |
pkg:composer/silverstripe/framework@4.1.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-4rj3-yt7y-rfcs |
|
| 3 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 4 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 5 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 6 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 7 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 8 |
| vulnerability |
VCID-8j7g-u2z1-1ycb |
|
| 9 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 10 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 11 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 12 |
| vulnerability |
VCID-cma7-m5y5-juhw |
|
| 13 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 14 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 15 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 16 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 17 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 18 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 19 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 20 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 21 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 22 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 23 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 24 |
| vulnerability |
VCID-tbhq-fnaq-gubs |
|
| 25 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 26 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 27 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 28 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 29 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 30 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 31 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 32 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.2.4 |
| purl |
pkg:composer/silverstripe/framework@4.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-4rj3-yt7y-rfcs |
|
| 3 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 4 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 5 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 6 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 7 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 8 |
| vulnerability |
VCID-8j7g-u2z1-1ycb |
|
| 9 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 10 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 11 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 12 |
| vulnerability |
VCID-cma7-m5y5-juhw |
|
| 13 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 14 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 15 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 16 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 17 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 18 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 19 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 20 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 21 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 22 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 23 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 24 |
| vulnerability |
VCID-tbhq-fnaq-gubs |
|
| 25 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 26 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 27 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 28 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 29 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 30 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 31 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 32 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.3.1 |
| purl |
pkg:composer/silverstripe/framework@4.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-4rj3-yt7y-rfcs |
|
| 3 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 4 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 5 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 6 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 7 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 8 |
| vulnerability |
VCID-8j7g-u2z1-1ycb |
|
| 9 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 10 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 11 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 12 |
| vulnerability |
VCID-cma7-m5y5-juhw |
|
| 13 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 14 |
| vulnerability |
VCID-g6a1-jazp-mufn |
|
| 15 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 16 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 17 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 18 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 19 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 20 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 21 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 22 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 23 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 24 |
| vulnerability |
VCID-tbhq-fnaq-gubs |
|
| 25 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 26 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 27 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 28 |
| vulnerability |
VCID-vx3f-ny91-1fff |
|
| 29 |
| vulnerability |
VCID-wntr-v8fx-3ycx |
|
| 30 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 31 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 32 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1 |
|
|
| aliases |
CVE-2019-5715, GHSA-wvfw-w3x6-g526
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uk5a-ha6p-vkbq |
|
| 27 |
| url |
VCID-uyuz-1bws-rkht |
| vulnerability_id |
VCID-uyuz-1bws-rkht |
| summary |
SilverStripe XXE Vulnerability in CSSContentParser |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.6.0 |
| purl |
pkg:composer/silverstripe/framework@4.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 5 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 6 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 7 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 8 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 9 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 10 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 11 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 12 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 13 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 14 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 15 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 16 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 17 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 18 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.7.4 |
| purl |
pkg:composer/silverstripe/framework@4.7.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 5 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 6 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 7 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 8 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 9 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 10 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 11 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 12 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 13 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 14 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 15 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 16 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 17 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 18 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4 |
|
|
| aliases |
CVE-2020-25817, GHSA-3vjc-5x79-m9r8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uyuz-1bws-rkht |
|
| 28 |
|
| 29 |
| url |
VCID-vx3f-ny91-1fff |
| vulnerability_id |
VCID-vx3f-ny91-1fff |
| summary |
Lack of access control on uploaded files |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 6 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 7 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 8 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 9 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 10 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 11 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 12 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 13 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 14 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 15 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 16 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 17 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 18 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 19 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ten7-3cpb-zkcs |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12245, GHSA-jvx5-rm6q-gx7p
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vx3f-ny91-1fff |
|
| 30 |
| url |
VCID-wntr-v8fx-3ycx |
| vulnerability_id |
VCID-wntr-v8fx-3ycx |
| summary |
SilverStripe Privilege escalation through cache pollution |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/silverstripe/framework@4.3.4 |
| purl |
pkg:composer/silverstripe/framework@4.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7rsm-671q-n3cx |
|
| 6 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 7 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 8 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 9 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 10 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 11 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 12 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 13 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 14 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 15 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 16 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 17 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 18 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 19 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4 |
|
| 1 |
| url |
pkg:composer/silverstripe/framework@4.3.5 |
| purl |
pkg:composer/silverstripe/framework@4.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 20 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 21 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 22 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 23 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 24 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5 |
|
| 2 |
| url |
pkg:composer/silverstripe/framework@4.4.4 |
| purl |
pkg:composer/silverstripe/framework@4.4.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-436b-s848-ske3 |
|
| 1 |
| vulnerability |
VCID-445u-qqe9-gbch |
|
| 2 |
| vulnerability |
VCID-533n-8rjm-k7ct |
|
| 3 |
| vulnerability |
VCID-6eqf-7qyv-zuas |
|
| 4 |
| vulnerability |
VCID-6u99-zfaw-h7ha |
|
| 5 |
| vulnerability |
VCID-7us5-kn2v-pbc6 |
|
| 6 |
| vulnerability |
VCID-91ry-vq9d-pbgb |
|
| 7 |
| vulnerability |
VCID-9man-5bj8-e7fm |
|
| 8 |
| vulnerability |
VCID-9szg-7pyu-kqdx |
|
| 9 |
| vulnerability |
VCID-f2eh-56eb-pydf |
|
| 10 |
| vulnerability |
VCID-gr26-gwtr-eqa1 |
|
| 11 |
| vulnerability |
VCID-hmxb-equc-1bau |
|
| 12 |
| vulnerability |
VCID-jbrw-8yw5-u7ay |
|
| 13 |
| vulnerability |
VCID-kjha-tu3x-pkae |
|
| 14 |
| vulnerability |
VCID-mwy1-dxrm-5qes |
|
| 15 |
| vulnerability |
VCID-q5tn-heja-1uen |
|
| 16 |
| vulnerability |
VCID-qw2u-5zmm-ckac |
|
| 17 |
| vulnerability |
VCID-rh6g-dz5w-h7a4 |
|
| 18 |
| vulnerability |
VCID-su5y-y12y-y3b9 |
|
| 19 |
| vulnerability |
VCID-ten7-3cpb-zkcs |
|
| 20 |
| vulnerability |
VCID-ug8p-6ny6-fkas |
|
| 21 |
| vulnerability |
VCID-uyuz-1bws-rkht |
|
| 22 |
| vulnerability |
VCID-vkxb-qh8t-63f2 |
|
| 23 |
| vulnerability |
VCID-wxzb-brfu-pugq |
|
| 24 |
| vulnerability |
VCID-x5m3-hm2b-b3bc |
|
| 25 |
| vulnerability |
VCID-zsfa-jtt7-7fhr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4 |
|
|
| aliases |
CVE-2019-12617, GHSA-6r58-4xgr-gm6m
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wntr-v8fx-3ycx |
|
| 31 |
| url |
VCID-wxzb-brfu-pugq |
| vulnerability_id |
VCID-wxzb-brfu-pugq |
| summary |
Reflected Cross Site Scripting (XSS) in error message
If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message. |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-74j9-xhqr-6qv3
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wxzb-brfu-pugq |
|
| 32 |
|
| 33 |
| url |
VCID-zsfa-jtt7-7fhr |
| vulnerability_id |
VCID-zsfa-jtt7-7fhr |
| summary |
Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it. The server-side sanitisation logic has been updated to sanitise against this type of attack in version 5.2.16. All users are advised to upgrade. There are no known workarounds for this vulnerability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-32981, GHSA-chx7-9x8h-r5mg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zsfa-jtt7-7fhr |
|