{"url":"http://public2.vulnerablecode.io/api/packages/410392?format=json","purl":"pkg:composer/silverstripe/framework@3.3.3-rc2","type":"composer","namespace":"silverstripe","name":"framework","version":"3.3.3-rc2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.3.5","latest_non_vulnerable_version":"5.3.23","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361843?format=json","vulnerability_id":"VCID-16sj-atxu-mfh3","summary":"ReadOnly transformation for formfields exploitable\nForm fields returning `isReadonly()` as true are vulnerable to reflected XSS injections. This includes `ReadonlyField`, `LookupField`, `HTMLReadonlyField`, as well as special purpose fields like `TimeField_Readonly`. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and does not overwrite data on form construction. Readonly and disabled form fields are already filtered out in `saveInto()`, so maliciously submitted data on these fields does not make it into the database unless you are accessing form values directly in your saving logic.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-010/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-010/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31643?format=json","purl":"pkg:composer/silverstripe/framework@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-47ty-3bfn-1bdz"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-kkpx-3pyp-zkc3"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/31642?format=json","purl":"pkg:composer/silverstripe/framework@3.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-47ty-3bfn-1bdz"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-kkpx-3pyp-zkc3"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2"}],"aliases":["SS-2016-010"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-16sj-atxu-mfh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/311416?format=json","vulnerability_id":"VCID-1e21-x465-abgz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14272","reference_id":"","reference_type":"","scores":[{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57669","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14272"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14272","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14272"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14272","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/420598?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/15753?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-uyuz-1bws-rkht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/15755?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-ten7-3cpb-zkcs"},{"vulnerability":"VCID-uyuz-1bws-rkht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-14272","GHSA-jgw2-f5mx-rg7h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1e21-x465-abgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205034?format=json","vulnerability_id":"VCID-3ftm-1ytk-77ee","summary":"Broken access control on files","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14273","reference_id":"","reference_type":"","scores":[{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56826","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14273"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14273","reference_id":"CVE-2019-14273","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14273"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14273","reference_id":"CVE-2019-14273","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14273"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml","reference_id":"CVE-2019-14273.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml"},{"reference_url":"https://github.com/advisories/GHSA-43jj-2rwc-2m3f","reference_id":"GHSA-43jj-2rwc-2m3f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-43jj-2rwc-2m3f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/420598?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/15753?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-uyuz-1bws-rkht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/15755?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-ten7-3cpb-zkcs"},{"vulnerability":"VCID-uyuz-1bws-rkht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-14273","GHSA-43jj-2rwc-2m3f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ftm-1ytk-77ee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/290982?format=json","vulnerability_id":"VCID-3p33-cbc6-vkgt","summary":"","references":[{"reference_url":"http://lists.openwall.net/full-disclosure/2017/09/14/2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openwall.net/full-disclosure/2017/09/14/2"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14498","reference_id":"","reference_type":"","scores":[{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.5956","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14498"},{"reference_url":"https://docs.silverstripe.org/en/3/changelogs/3.6.1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.silverstripe.org/en/3/changelogs/3.6.1"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a"},{"reference_url":"https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14498","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14498"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/417195?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2"},{"url":"http://public2.vulnerablecode.io/api/packages/389484?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1"}],"aliases":["CVE-2017-14498","GHSA-j696-6m57-mcrv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3p33-cbc6-vkgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/294924?format=json","vulnerability_id":"VCID-47ty-3bfn-1bdz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5197","reference_id":"","reference_type":"","scores":[{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50253","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5197"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5197","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5197"},{"reference_url":"https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"http://www.securityfocus.com/bid/96572","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/96572"},{"reference_url":"https://github.com/advisories/GHSA-xmjh-wjc5-wg4h","reference_id":"GHSA-xmjh-wjc5-wg4h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xmjh-wjc5-wg4h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388921?format=json","purl":"pkg:composer/silverstripe/framework@3.4.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/31668?format=json","purl":"pkg:composer/silverstripe/framework@3.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/388922?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/31669?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2"}],"aliases":["CVE-2017-5197","GHSA-xmjh-wjc5-wg4h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-47ty-3bfn-1bdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/326353?format=json","vulnerability_id":"VCID-6u99-zfaw-h7ha","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26136","reference_id":"","reference_type":"","scores":[{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44238","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26136"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26136","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26136"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-26136","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-26136"},{"reference_url":"https://github.com/advisories/GHSA-mg2g-8pwj-r2j2","reference_id":"GHSA-mg2g-8pwj-r2j2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mg2g-8pwj-r2j2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/506086?format=json","purl":"pkg:composer/silverstripe/framework@4.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0"}],"aliases":["CVE-2020-26136","GHSA-mg2g-8pwj-r2j2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6u99-zfaw-h7ha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/338253?format=json","vulnerability_id":"VCID-7aww-xedy-23b8","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28661","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37838","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28661"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/releases","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/releases"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28661","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28661"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2021-28661","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2021-28661"},{"reference_url":"https://github.com/advisories/GHSA-r7rh-g777-g5gx","reference_id":"GHSA-r7rh-g777-g5gx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r7rh-g777-g5gx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31669?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2"}],"aliases":["CVE-2021-28661","GHSA-r7rh-g777-g5gx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7aww-xedy-23b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/310438?format=json","vulnerability_id":"VCID-8j7g-u2z1-1ycb","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59742","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12205"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12205"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12205"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12205"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/447307?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-uyuz-1bws-rkht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/15753?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-uyuz-1bws-rkht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/15755?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-ten7-3cpb-zkcs"},{"vulnerability":"VCID-uyuz-1bws-rkht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12205","GHSA-rfvw-5848-gxc5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8j7g-u2z1-1ycb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/310447?format=json","vulnerability_id":"VCID-cma7-m5y5-juhw","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12246","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36082","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12246"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12246","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12246"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12246","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12246"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/447307?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-uyuz-1bws-rkht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/15754?format=json","purl":"pkg:composer/silverstripe/framework@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-ten7-3cpb-zkcs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0"}],"aliases":["CVE-2019-12246","GHSA-5fr8-xhqq-4p3q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cma7-m5y5-juhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207680?format=json","vulnerability_id":"VCID-f2eh-56eb-pydf","summary":"Business Logic Errors in SilverStripe Framework","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2"},{"reference_url":"https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0227","reference_id":"CVE-2022-0227","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0227"},{"reference_url":"https://github.com/advisories/GHSA-32m2-9f76-4gv8","reference_id":"GHSA-32m2-9f76-4gv8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-32m2-9f76-4gv8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18941?format=json","purl":"pkg:composer/silverstripe/framework@4.10.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.1"}],"aliases":["CVE-2022-0227","GHSA-32m2-9f76-4gv8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f2eh-56eb-pydf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361842?format=json","vulnerability_id":"VCID-fgbz-nak8-r3ba","summary":"XSS In CMSSecurity BackURL\nIn follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-001/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-001/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-016/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-016/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31643?format=json","purl":"pkg:composer/silverstripe/framework@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-47ty-3bfn-1bdz"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-kkpx-3pyp-zkc3"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/31642?format=json","purl":"pkg:composer/silverstripe/framework@3.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-47ty-3bfn-1bdz"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-kkpx-3pyp-zkc3"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2"}],"aliases":["SS-2016-016"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fgbz-nak8-r3ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204246?format=json","vulnerability_id":"VCID-g6a1-jazp-mufn","summary":"Session fixation in change password form","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12203","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17167","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12203"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12203","reference_id":"CVE-2019-12203","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12203"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203/","reference_id":"CVE-2019-12203","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12203","reference_id":"CVE-2019-12203","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12203"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml","reference_id":"CVE-2019-12203.YAML","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml"},{"reference_url":"https://github.com/advisories/GHSA-w7r7-r8r9-vrg2","reference_id":"GHSA-w7r7-r8r9-vrg2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w7r7-r8r9-vrg2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15763?format=json","purl":"pkg:composer/silverstripe/framework@3.6.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8"},{"url":"http://public2.vulnerablecode.io/api/packages/15761?format=json","purl":"pkg:composer/silverstripe/framework@3.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/447307?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-uyuz-1bws-rkht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/15753?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-uyuz-1bws-rkht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/15755?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-ten7-3cpb-zkcs"},{"vulnerability":"VCID-uyuz-1bws-rkht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12203","GHSA-w7r7-r8r9-vrg2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g6a1-jazp-mufn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/292636?format=json","vulnerability_id":"VCID-gcht-uaeq-nkc9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18049","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.438","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18049"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18049","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18049"},{"reference_url":"https://www.exploit-db.com/exploits/43396","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/43396"},{"reference_url":"https://www.exploit-db.com/exploits/43396/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/43396/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-007","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-007"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/420594?format=json","purl":"pkg:composer/silverstripe/framework@3.5.6-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/31673?format=json","purl":"pkg:composer/silverstripe/framework@3.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/420597?format=json","purl":"pkg:composer/silverstripe/framework@3.6.3-rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/31675?format=json","purl":"pkg:composer/silverstripe/framework@3.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/420598?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/31679?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"}],"aliases":["CVE-2017-18049","GHSA-2jvj-mhf2-g99w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gcht-uaeq-nkc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/341292?format=json","vulnerability_id":"VCID-gr26-gwtr-eqa1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36150","reference_id":"","reference_type":"","scores":[{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59375","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36150"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/releases"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36150","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36150"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2021-36150","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2021-36150"},{"reference_url":"https://github.com/advisories/GHSA-j66h-cc96-c32q","reference_id":"GHSA-j66h-cc96-c32q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j66h-cc96-c32q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/518159?format=json","purl":"pkg:composer/silverstripe/framework@4.9.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f2eh-56eb-pydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0-alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/391762?format=json","purl":"pkg:composer/silverstripe/framework@4.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f2eh-56eb-pydf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0"}],"aliases":["CVE-2021-36150","GHSA-j66h-cc96-c32q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gr26-gwtr-eqa1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361999?format=json","vulnerability_id":"VCID-kkpx-3pyp-zkc3","summary":"XSS In page name\nSilverStripe is vulnerable to XSS via the page name. For instance, page name `\"><svg/onload=alert(/xss/)>` will trigger an XSS alert.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-001/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-001/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388921?format=json","purl":"pkg:composer/silverstripe/framework@3.4.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/388922?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-3p33-cbc6-vkgt"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7aww-xedy-23b8"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-pmed-zcng-eqa7"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1"}],"aliases":["SS-2017-001"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkpx-3pyp-zkc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/290313?format=json","vulnerability_id":"VCID-pmed-zcng-eqa7","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12849","reference_id":"","reference_type":"","scores":[{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60616","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12849"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12849","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12849"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-005","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-005"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/417971?format=json","purl":"pkg:composer/silverstripe/framework@3.5.5-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/31677?format=json","purl":"pkg:composer/silverstripe/framework@3.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/417195?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2"},{"url":"http://public2.vulnerablecode.io/api/packages/389484?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gcht-uaeq-nkc9"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uk5a-ha6p-vkbq"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1"}],"aliases":["CVE-2017-12849","GHSA-fwhr-g5r4-xgxf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmed-zcng-eqa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208604?format=json","vulnerability_id":"VCID-rh6g-dz5w-h7a4","summary":"FormField with square brackets in field name skips validation","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26138","reference_id":"","reference_type":"","scores":[{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52973","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26138"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26138","reference_id":"CVE-2020-26138","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26138"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138","reference_id":"CVE-2020-26138","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138/","reference_id":"CVE-2020-26138","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138/"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml","reference_id":"CVE-2020-26138.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml"},{"reference_url":"https://github.com/advisories/GHSA-7mv4-4xpg-xq44","reference_id":"GHSA-7mv4-4xpg-xq44","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7mv4-4xpg-xq44"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/506086?format=json","purl":"pkg:composer/silverstripe/framework@4.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19861?format=json","purl":"pkg:composer/silverstripe/framework@4.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4"}],"aliases":["CVE-2020-26138","GHSA-7mv4-4xpg-xq44"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rh6g-dz5w-h7a4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/310547?format=json","vulnerability_id":"VCID-tbhq-fnaq-gubs","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12437","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42069","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12437"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12437","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12437"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12437","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12437"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/447307?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-uyuz-1bws-rkht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"}],"aliases":["CVE-2019-12437","GHSA-fx37-56v6-85q6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tbhq-fnaq-gubs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/316750?format=json","vulnerability_id":"VCID-uk5a-ha6p-vkbq","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5715","reference_id":"","reference_type":"","scores":[{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55671","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5715"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/issues/8814","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/issues/8814"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5715","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5715"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-021","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-021"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385956?format=json","purl":"pkg:composer/silverstripe/framework@3.6.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7"},{"url":"http://public2.vulnerablecode.io/api/packages/385958?format=json","purl":"pkg:composer/silverstripe/framework@3.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/385957?format=json","purl":"pkg:composer/silverstripe/framework@4.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/385959?format=json","purl":"pkg:composer/silverstripe/framework@4.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4rj3-yt7y-rfcs"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/385960?format=json","purl":"pkg:composer/silverstripe/framework@4.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4rj3-yt7y-rfcs"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/385961?format=json","purl":"pkg:composer/silverstripe/framework@4.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4rj3-yt7y-rfcs"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1"}],"aliases":["CVE-2019-5715","GHSA-wvfw-w3x6-g526"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uk5a-ha6p-vkbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210435?format=json","vulnerability_id":"VCID-uyuz-1bws-rkht","summary":"SilverStripe XXE Vulnerability in CSSContentParser","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25817","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57751","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25817"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25817","reference_id":"CVE-2020-25817","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25817"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2021-25817","reference_id":"CVE-2021-25817","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2021-25817"},{"reference_url":"https://github.com/advisories/GHSA-3vjc-5x79-m9r8","reference_id":"GHSA-3vjc-5x79-m9r8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3vjc-5x79-m9r8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/506086?format=json","purl":"pkg:composer/silverstripe/framework@4.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/19861?format=json","purl":"pkg:composer/silverstripe/framework@4.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4"}],"aliases":["CVE-2020-25817","GHSA-3vjc-5x79-m9r8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uyuz-1bws-rkht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/331953?format=json","vulnerability_id":"VCID-vnbm-fq6d-3uax","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9311","reference_id":"","reference_type":"","scores":[{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5728","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9311"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-cms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-cms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9311","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9311"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-9311","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-9311"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2020-9311","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2020-9311"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385385?format=json","purl":"pkg:composer/silverstripe/framework@3.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-uyuz-1bws-rkht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5"}],"aliases":["CVE-2020-9311","GHSA-2pw2-qpcp-m47x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vnbm-fq6d-3uax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204247?format=json","vulnerability_id":"VCID-vx3f-ny91-1fff","summary":"Lack of access control on upoaded files","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12245","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49109","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12245"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12245","reference_id":"CVE-2019-12245","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12245"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245/","reference_id":"CVE-2019-12245","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12245","reference_id":"CVE-2019-12245","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12245"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml","reference_id":"CVE-2019-12245.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml"},{"reference_url":"https://github.com/advisories/GHSA-jvx5-rm6q-gx7p","reference_id":"GHSA-jvx5-rm6q-gx7p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jvx5-rm6q-gx7p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15763?format=json","purl":"pkg:composer/silverstripe/framework@3.6.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8"},{"url":"http://public2.vulnerablecode.io/api/packages/15761?format=json","purl":"pkg:composer/silverstripe/framework@3.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e21-x465-abgz"},{"vulnerability":"VCID-3ftm-1ytk-77ee"},{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-8j7g-u2z1-1ycb"},{"vulnerability":"VCID-cma7-m5y5-juhw"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-g6a1-jazp-mufn"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-tbhq-fnaq-gubs"},{"vulnerability":"VCID-uyuz-1bws-rkht"},{"vulnerability":"VCID-vnbm-fq6d-3uax"},{"vulnerability":"VCID-vx3f-ny91-1fff"},{"vulnerability":"VCID-wntr-v8fx-3ycx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/447307?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-uyuz-1bws-rkht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/15766?format=json","purl":"pkg:composer/silverstripe/framework@4.3.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6"},{"url":"http://public2.vulnerablecode.io/api/packages/15755?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-ten7-3cpb-zkcs"},{"vulnerability":"VCID-uyuz-1bws-rkht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12245","GHSA-jvx5-rm6q-gx7p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vx3f-ny91-1fff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204248?format=json","vulnerability_id":"VCID-wntr-v8fx-3ycx","summary":"SilverStripe Priviledge escalation through cache pollution","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12617","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54069","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12617"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12617","reference_id":"CVE-2019-12617","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12617"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617/","reference_id":"CVE-2019-12617","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12617","reference_id":"CVE-2019-12617","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12617"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml","reference_id":"CVE-2019-12617.YAML","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml"},{"reference_url":"https://github.com/advisories/GHSA-6r58-4xgr-gm6m","reference_id":"GHSA-6r58-4xgr-gm6m","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6r58-4xgr-gm6m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/447307?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-7rsm-671q-n3cx"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-uyuz-1bws-rkht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/15753?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-uyuz-1bws-rkht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/15755?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u99-zfaw-h7ha"},{"vulnerability":"VCID-91ry-vq9d-pbgb"},{"vulnerability":"VCID-9szg-7pyu-kqdx"},{"vulnerability":"VCID-f2eh-56eb-pydf"},{"vulnerability":"VCID-gr26-gwtr-eqa1"},{"vulnerability":"VCID-rh6g-dz5w-h7a4"},{"vulnerability":"VCID-ten7-3cpb-zkcs"},{"vulnerability":"VCID-uyuz-1bws-rkht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12617","GHSA-6r58-4xgr-gm6m"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wntr-v8fx-3ycx"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3-rc2"}