{"url":"http://public2.vulnerablecode.io/api/packages/51207?format=json","purl":"pkg:composer/silverstripe/framework@3.0.14","type":"composer","namespace":"silverstripe","name":"framework","version":"3.0.14","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.10.9","latest_non_vulnerable_version":"5.3.23","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13529?format=json","vulnerability_id":"VCID-3497-71mw-yqh8","summary":"SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5715","reference_id":"","reference_type":"","scores":[{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55522","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5715"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/issues/8814","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/issues/8814"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5715","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5715"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-021","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-021"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56783?format=json","purl":"pkg:composer/silverstripe/framework@3.6.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7"},{"url":"http://public2.vulnerablecode.io/api/packages/56784?format=json","purl":"pkg:composer/silverstripe/framework@3.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/56785?format=json","purl":"pkg:composer/silverstripe/framework@4.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/56786?format=json","purl":"pkg:composer/silverstripe/framework@4.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8bkg-xn4y-nydr"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/56787?format=json","purl":"pkg:composer/silverstripe/framework@4.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8bkg-xn4y-nydr"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/56788?format=json","purl":"pkg:composer/silverstripe/framework@4.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8bkg-xn4y-nydr"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1"}],"aliases":["CVE-2019-5715","GHSA-wvfw-w3x6-g526"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3497-71mw-yqh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/137842?format=json","vulnerability_id":"VCID-4mg2-rjsn-qyfx","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12203","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17126","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12203"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12203","reference_id":"CVE-2019-12203","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12203"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203/","reference_id":"CVE-2019-12203","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12203","reference_id":"CVE-2019-12203","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12203"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml","reference_id":"CVE-2019-12203.YAML","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml"},{"reference_url":"https://github.com/advisories/GHSA-w7r7-r8r9-vrg2","reference_id":"GHSA-w7r7-r8r9-vrg2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w7r7-r8r9-vrg2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74365?format=json","purl":"pkg:composer/silverstripe/framework@3.6.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8"},{"url":"http://public2.vulnerablecode.io/api/packages/74364?format=json","purl":"pkg:composer/silverstripe/framework@3.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/145313?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/74358?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/74360?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ywc-gcvd-73a9"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12203","GHSA-w7r7-r8r9-vrg2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4mg2-rjsn-qyfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14861?format=json","vulnerability_id":"VCID-5ccd-zu9e-yfgp","summary":"Business Logic Errors in GitHub repository silverstripe/silverstripe-framework","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2"},{"reference_url":"https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0227","reference_id":"CVE-2022-0227","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0227"},{"reference_url":"https://github.com/advisories/GHSA-32m2-9f76-4gv8","reference_id":"GHSA-32m2-9f76-4gv8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-32m2-9f76-4gv8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59361?format=json","purl":"pkg:composer/silverstripe/framework@4.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-hj46-jp5w-ckd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.1"}],"aliases":["CVE-2022-0227","GHSA-32m2-9f76-4gv8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ccd-zu9e-yfgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10919?format=json","vulnerability_id":"VCID-6e1y-7jj8-a7cw","summary":"XSS in CMS Edit Page\nDue to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an attack.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/a24c8260b1d048dc6a0836eb1be9a1ca2056e770"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-004","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-004"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51627?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-287p-st1a-bygy"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-4sg7-t89g-xuga"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a7pf-uwqr-9qb2"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d31b-9v7t-d7fu"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hgb3-kxxe-9ub7"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/51626?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19"},{"url":"http://public2.vulnerablecode.io/api/packages/51629?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-287p-st1a-bygy"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-4sg7-t89g-xuga"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6xct-esdm-m7a6"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a7pf-uwqr-9qb2"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d31b-9v7t-d7fu"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hgb3-kxxe-9ub7"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/51628?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/51631?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-287p-st1a-bygy"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-4sg7-t89g-xuga"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6xct-esdm-m7a6"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-8py4-rxgp-uqdh"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a7pf-uwqr-9qb2"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d31b-9v7t-d7fu"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hgb3-kxxe-9ub7"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/51630?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-67yd-mhz1-k3cd"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-8py4-rxgp-uqdh"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-004"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6e1y-7jj8-a7cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/137865?format=json","vulnerability_id":"VCID-7kmy-8ht6-8fcw","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12245","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.4898","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12245"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12245","reference_id":"CVE-2019-12245","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12245"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245/","reference_id":"CVE-2019-12245","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12245","reference_id":"CVE-2019-12245","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12245"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml","reference_id":"CVE-2019-12245.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml"},{"reference_url":"https://github.com/advisories/GHSA-jvx5-rm6q-gx7p","reference_id":"GHSA-jvx5-rm6q-gx7p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jvx5-rm6q-gx7p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74365?format=json","purl":"pkg:composer/silverstripe/framework@3.6.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8"},{"url":"http://public2.vulnerablecode.io/api/packages/74364?format=json","purl":"pkg:composer/silverstripe/framework@3.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/145313?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/74368?format=json","purl":"pkg:composer/silverstripe/framework@4.3.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6"},{"url":"http://public2.vulnerablecode.io/api/packages/74360?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ywc-gcvd-73a9"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12245","GHSA-jvx5-rm6q-gx7p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7kmy-8ht6-8fcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10920?format=json","vulnerability_id":"VCID-7me4-ggep-sbhj","summary":"Missing CSRF protection in login form\n`LoginForm` calls `disableSecurityToken()`, which causes a \"shared host domain\" vulnerability.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/a6bd22ab2f3b11a054d20be13306a19089510989"},{"reference_url":"http://stackoverflow.com/a/15350123","reference_id":"","reference_type":"","scores":[],"url":"http://stackoverflow.com/a/15350123"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-006","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-006"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51627?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-287p-st1a-bygy"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-4sg7-t89g-xuga"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a7pf-uwqr-9qb2"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d31b-9v7t-d7fu"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hgb3-kxxe-9ub7"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/51626?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19"},{"url":"http://public2.vulnerablecode.io/api/packages/51629?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-287p-st1a-bygy"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-4sg7-t89g-xuga"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6xct-esdm-m7a6"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a7pf-uwqr-9qb2"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d31b-9v7t-d7fu"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hgb3-kxxe-9ub7"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/51628?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/51631?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-287p-st1a-bygy"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-4sg7-t89g-xuga"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6xct-esdm-m7a6"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-8py4-rxgp-uqdh"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a7pf-uwqr-9qb2"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d31b-9v7t-d7fu"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hgb3-kxxe-9ub7"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/51630?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-67yd-mhz1-k3cd"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-8py4-rxgp-uqdh"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-006"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7me4-ggep-sbhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11065?format=json","vulnerability_id":"VCID-7uum-b28k-nqbm","summary":"XSS In CMSSecurity BackURL\nIn follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-001/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-001/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-016/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-016/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51945?format=json","purl":"pkg:composer/silverstripe/framework@3.1.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/51946?format=json","purl":"pkg:composer/silverstripe/framework@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/51947?format=json","purl":"pkg:composer/silverstripe/framework@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/51948?format=json","purl":"pkg:composer/silverstripe/framework@3.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2"}],"aliases":["SS-2016-016"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7uum-b28k-nqbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11000?format=json","vulnerability_id":"VCID-7wzc-kyxs-wbc2","summary":"ChangePasswordForm doesn't check Member::canLogIn()\nAfter performing a password reset, `ChangePasswordForm::doChangePassword()` logs in the user without checking `Member::canLogIn()`. This presents an issue for sites that are using the extension point in that method to deny access to users (for example members that have not been “approved”, or members that have had their access revoked temporarily). It looks like `Member::canLogIn()` was originally designed to only be used for checking whether the user is locked out (due to too many incorrect login attempts) but has been opened up to other uses.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-011/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-011/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51814?format=json","purl":"pkg:composer/silverstripe/framework@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/51815?format=json","purl":"pkg:composer/silverstripe/framework@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/51817?format=json","purl":"pkg:composer/silverstripe/framework@3.4.10-stable","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.10-stable"},{"url":"http://public2.vulnerablecode.io/api/packages/97166?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-011"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7wzc-kyxs-wbc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14157?format=json","vulnerability_id":"VCID-89jy-34ks-5kds","summary":"Incorrect Authorization\nDefault SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28661","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37777","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28661"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/releases","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/releases"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28661","reference_id":"CVE-2021-28661","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28661"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2021-28661","reference_id":"CVE-2021-28661","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2021-28661"},{"reference_url":"https://github.com/advisories/GHSA-r7rh-g777-g5gx","reference_id":"GHSA-r7rh-g777-g5gx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7rh-g777-g5gx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52287?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2"}],"aliases":["CVE-2021-28661","GHSA-r7rh-g777-g5gx"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-89jy-34ks-5kds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/183572?format=json","vulnerability_id":"VCID-8csb-m7rv-xyh2","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41559","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57606","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41559"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41559","reference_id":"CVE-2021-41559","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41559"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2021-41559","reference_id":"CVE-2021-41559","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2021-41559"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml","reference_id":"CVE-2021-41559.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml"},{"reference_url":"https://github.com/advisories/GHSA-9fmg-89fx-r33w","reference_id":"GHSA-9fmg-89fx-r33w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9fmg-89fx-r33w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/549782?format=json","purl":"pkg:composer/silverstripe/framework@4.11.0-beta1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.0-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/78408?format=json","purl":"pkg:composer/silverstripe/framework@4.10.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.9"}],"aliases":["CVE-2021-41559","GHSA-9fmg-89fx-r33w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8csb-m7rv-xyh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11271?format=json","vulnerability_id":"VCID-91wy-94bg-bfc3","summary":"XSS In page name\nSilverStripe is vulnerable to XSS via the page name. For instance, page name `\"><svg/onload=alert(/xss/)>` will trigger an XSS alert.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-001/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-001/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52220?format=json","purl":"pkg:composer/silverstripe/framework@3.4.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/52221?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1"}],"aliases":["SS-2017-001"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91wy-94bg-bfc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/137866?format=json","vulnerability_id":"VCID-9vwe-uejx-c3c5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12246","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36012","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12246"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12246","reference_id":"CVE-2019-12246","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12246"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12246","reference_id":"CVE-2019-12246","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12246"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145313?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/74359?format=json","purl":"pkg:composer/silverstripe/framework@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-4ywc-gcvd-73a9"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0"}],"aliases":["CVE-2019-12246","GHSA-5fr8-xhqq-4p3q"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9vwe-uejx-c3c5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10997?format=json","vulnerability_id":"VCID-a95a-ygek-hfby","summary":"Missing ACL on reports\nThe `SS_Report`, and the reports CMS section only checks `canView()` when listing the reports that can be viewed by the current user. It does not (and should) perform `canView` checks when the report is actually viewed, so if you know the URL to a report and can otherwise access the Reports section of the CMS, you can view any report.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-012/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-012/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51813?format=json","purl":"pkg:composer/silverstripe/framework@3.1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20"},{"url":"http://public2.vulnerablecode.io/api/packages/51814?format=json","purl":"pkg:composer/silverstripe/framework@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/51815?format=json","purl":"pkg:composer/silverstripe/framework@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/51816?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/97166?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-012"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a95a-ygek-hfby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11001?format=json","vulnerability_id":"VCID-bexp-ws1g-1fdu","summary":"Password encryption salt expiry\nWhen a user changes their password, the internal salt used for hashing their password is not updated.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-008/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-008/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51813?format=json","purl":"pkg:composer/silverstripe/framework@3.1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20"},{"url":"http://public2.vulnerablecode.io/api/packages/51814?format=json","purl":"pkg:composer/silverstripe/framework@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/51815?format=json","purl":"pkg:composer/silverstripe/framework@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/51816?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/97166?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-008"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bexp-ws1g-1fdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/159546?format=json","vulnerability_id":"VCID-cskj-c9ur-47dj","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26136","reference_id":"","reference_type":"","scores":[{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44161","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26136"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26136","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26136"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-26136","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-26136"},{"reference_url":"https://github.com/advisories/GHSA-mg2g-8pwj-r2j2","reference_id":"GHSA-mg2g-8pwj-r2j2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mg2g-8pwj-r2j2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/419167?format=json","purl":"pkg:composer/silverstripe/framework@4.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-mvra-6wnv-xya1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0"}],"aliases":["CVE-2020-26136","GHSA-mg2g-8pwj-r2j2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cskj-c9ur-47dj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11004?format=json","vulnerability_id":"VCID-d9he-ahd2-xkde","summary":"Member.Name isn't escaped\nThe core template `framework/templates/Includes/GridField_print.ss` uses \"Printed by $Member.Name\". If the currently logged in members first name or surname contain XSS, this prints the raw HTML out, because `Member->getName()` just returns the raw `FirstName + Surname` as a string, which is injected directly.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-013/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-013/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51813?format=json","purl":"pkg:composer/silverstripe/framework@3.1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20"},{"url":"http://public2.vulnerablecode.io/api/packages/51814?format=json","purl":"pkg:composer/silverstripe/framework@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/51815?format=json","purl":"pkg:composer/silverstripe/framework@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/51816?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/97166?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-013"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d9he-ahd2-xkde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/159547?format=json","vulnerability_id":"VCID-djww-2v4e-qkb2","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26138","reference_id":"","reference_type":"","scores":[{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52834","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26138"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26138","reference_id":"CVE-2020-26138","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26138"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138","reference_id":"CVE-2020-26138","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138/","reference_id":"CVE-2020-26138","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138/"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml","reference_id":"CVE-2020-26138.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml"},{"reference_url":"https://github.com/advisories/GHSA-7mv4-4xpg-xq44","reference_id":"GHSA-7mv4-4xpg-xq44","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7mv4-4xpg-xq44"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/419167?format=json","purl":"pkg:composer/silverstripe/framework@4.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-mvra-6wnv-xya1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/76628?format=json","purl":"pkg:composer/silverstripe/framework@4.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-mvra-6wnv-xya1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4"}],"aliases":["CVE-2020-26138","GHSA-7mv4-4xpg-xq44"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-djww-2v4e-qkb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10756?format=json","vulnerability_id":"VCID-empu-95n7-5qcq","summary":"Insufficient sanitization in \"Add from URL\"\n\"Add from URL\" does not clearly sanitize URL server side in `HtmlEditorField_Toolbar`. The current logic will pass this through to Oembed, which will probably reject most dangerous URLs, but it's possible future changes would break this.","references":[{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2015-027/","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2015-027/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51332?format=json","purl":"pkg:composer/silverstripe/framework@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1yc7-8qd2-zfhm"},{"vulnerability":"VCID-333j-w32t-ufhn"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9qx2-tr6c-sbby"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-rat4-3wbz-33fu"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-wnrg-ruds-wqb4"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"},{"vulnerability":"VCID-zfrs-mqe3-4be8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/90311?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2015-027"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-empu-95n7-5qcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11303?format=json","vulnerability_id":"VCID-eu6p-szkb-m7b1","summary":"Cross-site Scripting\nThere is an XSS in SilverStripe CMS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5197","reference_id":"","reference_type":"","scores":[{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50115","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5197"},{"reference_url":"https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"http://www.securityfocus.com/bid/96572","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/96572"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5197","reference_id":"CVE-2017-5197","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5197"},{"reference_url":"https://github.com/advisories/GHSA-xmjh-wjc5-wg4h","reference_id":"GHSA-xmjh-wjc5-wg4h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xmjh-wjc5-wg4h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52220?format=json","purl":"pkg:composer/silverstripe/framework@3.4.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/52286?format=json","purl":"pkg:composer/silverstripe/framework@3.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/52221?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/52287?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2"}],"aliases":["CVE-2017-5197","GHSA-xmjh-wjc5-wg4h"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eu6p-szkb-m7b1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10758?format=json","vulnerability_id":"VCID-farn-35ej-t7eg","summary":"XSS vulnerability in form field validation\nA high level XSS risk has been identified in the encoding of validation messages in certain FormField classes. Certain fields such as the `NumericField` and `DropdownField` have been identified, but any form field which presents any invalid content as a part of its validation response will be at risk.","references":[{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2015-026/","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2015-026/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51338?format=json","purl":"pkg:composer/silverstripe/framework@3.1.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1yc7-8qd2-zfhm"},{"vulnerability":"VCID-333j-w32t-ufhn"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9qx2-tr6c-sbby"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-rat4-3wbz-33fu"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-wnrg-ruds-wqb4"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"},{"vulnerability":"VCID-zfrs-mqe3-4be8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.16"},{"url":"http://public2.vulnerablecode.io/api/packages/93129?format=json","purl":"pkg:composer/silverstripe/framework@3.2.0-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-empu-95n7-5qcq"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-gw4m-zbjs-3fgx"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-tzgn-vazz-7kct"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.0-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/51332?format=json","purl":"pkg:composer/silverstripe/framework@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1yc7-8qd2-zfhm"},{"vulnerability":"VCID-333j-w32t-ufhn"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9qx2-tr6c-sbby"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-rat4-3wbz-33fu"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-wnrg-ruds-wqb4"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"},{"vulnerability":"VCID-zfrs-mqe3-4be8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/90311?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2015-026"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-farn-35ej-t7eg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142395?format=json","vulnerability_id":"VCID-fn6y-hytc-r3b5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19326","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43356","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19326"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19326","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19326"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-19326","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-19326"},{"reference_url":"https://github.com/advisories/GHSA-q9ff-3q93-fm8m","reference_id":"GHSA-q9ff-3q93-fm8m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q9ff-3q93-fm8m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/214051?format=json","purl":"pkg:composer/silverstripe/framework@3.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/213927?format=json","purl":"pkg:composer/silverstripe/framework@4.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7"},{"url":"http://public2.vulnerablecode.io/api/packages/213928?format=json","purl":"pkg:composer/silverstripe/framework@4.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4"}],"aliases":["CVE-2019-19326","GHSA-q9ff-3q93-fm8m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fn6y-hytc-r3b5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10730?format=json","vulnerability_id":"VCID-fygk-h8hh-x3c9","summary":"Privilege Escalation\nA member with the permission EDIT_PERMISSIONS is able to re-assign themselves (or another member) to ADMIN level.","references":[{"reference_url":"http://www.silverstripe.org/software/download/security-releases/ss-2015-020/","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/software/download/security-releases/ss-2015-020/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51302?format=json","purl":"pkg:composer/silverstripe/framework@3.1.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-333j-w32t-ufhn"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-empu-95n7-5qcq"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-farn-35ej-t7eg"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-gw4m-zbjs-3fgx"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-tzgn-vazz-7kct"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-wnrg-ruds-wqb4"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"},{"vulnerability":"VCID-zfrs-mqe3-4be8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14"}],"aliases":["SS-2015-020"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fygk-h8hh-x3c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10754?format=json","vulnerability_id":"VCID-gw4m-zbjs-3fgx","summary":"Improper Input Validation\n`HtmlEditor` improper URL sanitisation.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2015-027/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2015-027/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51332?format=json","purl":"pkg:composer/silverstripe/framework@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1yc7-8qd2-zfhm"},{"vulnerability":"VCID-333j-w32t-ufhn"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9qx2-tr6c-sbby"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-rat4-3wbz-33fu"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-wnrg-ruds-wqb4"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"},{"vulnerability":"VCID-zfrs-mqe3-4be8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/90311?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2015-027-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gw4m-zbjs-3fgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16370?format=json","vulnerability_id":"VCID-jh6m-gbpk-9ufc","summary":"Silverstripe CMS Open Redirect\nOpen redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.","references":[{"reference_url":"http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt"},{"reference_url":"http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5062","reference_id":"","reference_type":"","scores":[{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57545","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5062"},{"reference_url":"https://web.archive.org/web/20200228091958/http://www.securityfocus.com/bid/75419","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228091958/http://www.securityfocus.com/bid/75419"},{"reference_url":"https://web.archive.org/web/20201209000421/http://www.securityfocus.com/archive/1/535716/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201209000421/http://www.securityfocus.com/archive/1/535716/100/0/threaded"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5062","reference_id":"CVE-2015-5062","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5062"},{"reference_url":"https://github.com/advisories/GHSA-fh35-p8ph-p545","reference_id":"GHSA-fh35-p8ph-p545","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fh35-p8ph-p545"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93128?format=json","purl":"pkg:composer/silverstripe/framework@3.1.14-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2742-7a2u-wqaz"},{"vulnerability":"VCID-333j-w32t-ufhn"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-b17s-mw1j-5bcp"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-empu-95n7-5qcq"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-farn-35ej-t7eg"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-fygk-h8hh-x3c9"},{"vulnerability":"VCID-gw4m-zbjs-3fgx"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-tzgn-vazz-7kct"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-wnrg-ruds-wqb4"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"},{"vulnerability":"VCID-zfrs-mqe3-4be8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.14-rc1"}],"aliases":["CVE-2015-5062","GHSA-fh35-p8ph-p545"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jh6m-gbpk-9ufc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139230?format=json","vulnerability_id":"VCID-k1aa-deyg-2kdg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14272","reference_id":"","reference_type":"","scores":[{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57522","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14272"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14272","reference_id":"CVE-2019-14272","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14272"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14272","reference_id":"CVE-2019-14272","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/108963?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/53886?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/74358?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/74360?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ywc-gcvd-73a9"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-14272","GHSA-jgw2-f5mx-rg7h"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k1aa-deyg-2kdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139231?format=json","vulnerability_id":"VCID-k6ed-y2ud-wffu","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14273","reference_id":"","reference_type":"","scores":[{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56678","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14273"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14273","reference_id":"CVE-2019-14273","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14273"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14273","reference_id":"CVE-2019-14273","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14273"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml","reference_id":"CVE-2019-14273.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml"},{"reference_url":"https://github.com/advisories/GHSA-43jj-2rwc-2m3f","reference_id":"GHSA-43jj-2rwc-2m3f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-43jj-2rwc-2m3f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/108963?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/53886?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/74358?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/74360?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ywc-gcvd-73a9"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-14273","GHSA-43jj-2rwc-2m3f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6ed-y2ud-wffu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10921?format=json","vulnerability_id":"VCID-km94-727n-nfa6","summary":"CSRF vulnerability in savetreenodes\n`savetreenode` action does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/3c0f2e8e11a1bead64d869854b9dfc0f80e7579a"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2015-029","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2015-029"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51627?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-287p-st1a-bygy"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-4sg7-t89g-xuga"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a7pf-uwqr-9qb2"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d31b-9v7t-d7fu"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hgb3-kxxe-9ub7"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/51626?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19"},{"url":"http://public2.vulnerablecode.io/api/packages/51629?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-287p-st1a-bygy"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-4sg7-t89g-xuga"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6xct-esdm-m7a6"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a7pf-uwqr-9qb2"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d31b-9v7t-d7fu"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hgb3-kxxe-9ub7"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/51628?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/51631?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-287p-st1a-bygy"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-4sg7-t89g-xuga"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6xct-esdm-m7a6"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-8py4-rxgp-uqdh"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a7pf-uwqr-9qb2"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d31b-9v7t-d7fu"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hgb3-kxxe-9ub7"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/51630?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-67yd-mhz1-k3cd"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-8py4-rxgp-uqdh"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2015-029"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-km94-727n-nfa6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10917?format=json","vulnerability_id":"VCID-ku6h-zhz1-8ydr","summary":"Brute force bypass on default admin\nDefault Administrator accounts were not subject to the same brute force protection afforded to other Member accounts. Failed login counts were not logged for default admins resulting in unlimited attempts on the default admin username and password.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/f32c893546340c8c279fd1ab6d4269e9d6539bc2"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-005","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-005"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51627?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-287p-st1a-bygy"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-4sg7-t89g-xuga"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a7pf-uwqr-9qb2"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d31b-9v7t-d7fu"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hgb3-kxxe-9ub7"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/51626?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19"},{"url":"http://public2.vulnerablecode.io/api/packages/51629?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-287p-st1a-bygy"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-4sg7-t89g-xuga"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6xct-esdm-m7a6"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a7pf-uwqr-9qb2"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d31b-9v7t-d7fu"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hgb3-kxxe-9ub7"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/51628?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/51631?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-287p-st1a-bygy"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-4sg7-t89g-xuga"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6xct-esdm-m7a6"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-8py4-rxgp-uqdh"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a7pf-uwqr-9qb2"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d31b-9v7t-d7fu"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hgb3-kxxe-9ub7"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/51630?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-67yd-mhz1-k3cd"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-8py4-rxgp-uqdh"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-005"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ku6h-zhz1-8ydr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/138126?format=json","vulnerability_id":"VCID-m2bw-tabk-qyd8","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12617","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53918","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12617"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12617","reference_id":"CVE-2019-12617","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12617"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617/","reference_id":"CVE-2019-12617","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12617","reference_id":"CVE-2019-12617","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12617"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml","reference_id":"CVE-2019-12617.YAML","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml"},{"reference_url":"https://github.com/advisories/GHSA-6r58-4xgr-gm6m","reference_id":"GHSA-6r58-4xgr-gm6m","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6r58-4xgr-gm6m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145313?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/74358?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/74360?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ywc-gcvd-73a9"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12617","GHSA-6r58-4xgr-gm6m"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m2bw-tabk-qyd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14158?format=json","vulnerability_id":"VCID-mvra-6wnv-xya1","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nSilverStripe Framework suffers from a XSS vulnerablity.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36150","reference_id":"","reference_type":"","scores":[{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.59233","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36150"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/releases"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36150","reference_id":"CVE-2021-36150","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36150"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2021-36150","reference_id":"CVE-2021-36150","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2021-36150"},{"reference_url":"https://github.com/advisories/GHSA-j66h-cc96-c32q","reference_id":"GHSA-j66h-cc96-c32q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j66h-cc96-c32q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/495335?format=json","purl":"pkg:composer/silverstripe/framework@4.9.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-hj46-jp5w-ckd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0-alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/58206?format=json","purl":"pkg:composer/silverstripe/framework@4.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-hj46-jp5w-ckd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0"}],"aliases":["CVE-2021-36150","GHSA-j66h-cc96-c32q"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mvra-6wnv-xya1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12093?format=json","vulnerability_id":"VCID-pq7w-n99a-q7cj","summary":"Injection Vulnerability\nIn the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18049","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43716","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18049"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.exploit-db.com/exploits/43396","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/43396"},{"reference_url":"https://www.exploit-db.com/exploits/43396/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/43396/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-007","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-007"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18049","reference_id":"CVE-2017-18049","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18049"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/108959?format=json","purl":"pkg:composer/silverstripe/framework@3.5.6-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/53884?format=json","purl":"pkg:composer/silverstripe/framework@3.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/108962?format=json","purl":"pkg:composer/silverstripe/framework@3.6.3-rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/53885?format=json","purl":"pkg:composer/silverstripe/framework@3.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/108963?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/53886?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"}],"aliases":["CVE-2017-18049","GHSA-2jvj-mhf2-g99w"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pq7w-n99a-q7cj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/159392?format=json","vulnerability_id":"VCID-qrhh-c86j-rqe6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25817","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57604","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25817"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25817","reference_id":"CVE-2020-25817","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25817"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2021-25817","reference_id":"CVE-2021-25817","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2021-25817"},{"reference_url":"https://github.com/advisories/GHSA-3vjc-5x79-m9r8","reference_id":"GHSA-3vjc-5x79-m9r8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3vjc-5x79-m9r8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/419167?format=json","purl":"pkg:composer/silverstripe/framework@4.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-mvra-6wnv-xya1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/76628?format=json","purl":"pkg:composer/silverstripe/framework@4.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-mvra-6wnv-xya1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4"}],"aliases":["CVE-2020-25817","GHSA-3vjc-5x79-m9r8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qrhh-c86j-rqe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167785?format=json","vulnerability_id":"VCID-tp75-2k7m-6yaw","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9311","reference_id":"","reference_type":"","scores":[{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57142","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9311"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-cms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-cms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9311","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9311"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-9311","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-9311"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2020-9311","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2020-9311"},{"reference_url":"https://github.com/advisories/GHSA-2pw2-qpcp-m47x","reference_id":"GHSA-2pw2-qpcp-m47x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2pw2-qpcp-m47x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/214051?format=json","purl":"pkg:composer/silverstripe/framework@3.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5"}],"aliases":["CVE-2020-9311","GHSA-2pw2-qpcp-m47x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tp75-2k7m-6yaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10753?format=json","vulnerability_id":"VCID-tzgn-vazz-7kct","summary":"Cross-site Scripting\nForm field validation message XSS vulnerability.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2015-026/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2015-026/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51332?format=json","purl":"pkg:composer/silverstripe/framework@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1yc7-8qd2-zfhm"},{"vulnerability":"VCID-333j-w32t-ufhn"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9qx2-tr6c-sbby"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-rat4-3wbz-33fu"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-wnrg-ruds-wqb4"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"},{"vulnerability":"VCID-zfrs-mqe3-4be8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/90311?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2015-026-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tzgn-vazz-7kct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10999?format=json","vulnerability_id":"VCID-u7hh-49t3-13df","summary":"Pre-existing alc_enc cookies log users in if remember me is disabled\nIf remember me is on and users log in with the box checked, if the developer then disabled \"remember me\" function, any pre-existing cookies will continue to authenticate users.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-014/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-014/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51813?format=json","purl":"pkg:composer/silverstripe/framework@3.1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20"},{"url":"http://public2.vulnerablecode.io/api/packages/51814?format=json","purl":"pkg:composer/silverstripe/framework@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/51815?format=json","purl":"pkg:composer/silverstripe/framework@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/51816?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/97166?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-014"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7hh-49t3-13df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10918?format=json","vulnerability_id":"VCID-ud6e-smr7-vffw","summary":"XSS in CMSController BackURL\nA XSS risk exists in the returnURL parameter passed to CMSSecurity/success. An unvalidated url could cause the user to redirect to an unverified third party url outside of the site.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/1ccd3926e3dcecaa5c1b4f26a390d9eacc24a893"},{"reference_url":"http://www.silverstripe.org/download/security-releases/ss-2016-001","reference_id":"","reference_type":"","scores":[],"url":"http://www.silverstripe.org/download/security-releases/ss-2016-001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51627?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-287p-st1a-bygy"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-4sg7-t89g-xuga"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a7pf-uwqr-9qb2"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d31b-9v7t-d7fu"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hgb3-kxxe-9ub7"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/51626?format=json","purl":"pkg:composer/silverstripe/framework@3.1.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.19"},{"url":"http://public2.vulnerablecode.io/api/packages/51629?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-287p-st1a-bygy"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-4sg7-t89g-xuga"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6xct-esdm-m7a6"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a7pf-uwqr-9qb2"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d31b-9v7t-d7fu"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hgb3-kxxe-9ub7"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/51628?format=json","purl":"pkg:composer/silverstripe/framework@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/51631?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-287p-st1a-bygy"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-4sg7-t89g-xuga"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6xct-esdm-m7a6"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-8py4-rxgp-uqdh"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a7pf-uwqr-9qb2"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d31b-9v7t-d7fu"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hgb3-kxxe-9ub7"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/51630?format=json","purl":"pkg:composer/silverstripe/framework@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-67yd-mhz1-k3cd"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-8py4-rxgp-uqdh"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.2"}],"aliases":["SS-2016-001"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ud6e-smr7-vffw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11066?format=json","vulnerability_id":"VCID-upvz-qc95-nua2","summary":"ReadOnly transformation for formfields exploitable\nForm fields returning `isReadonly()` as true are vulnerable to reflected XSS injections. This includes `ReadonlyField`, `LookupField`, `HTMLReadonlyField`, as well as special purpose fields like `TimeField_Readonly`. Values submitted to through these form fields are not filtered out from the form session data, and might be shown to the user depending on the form behaviour. For example, form validation errors cause the form to re-render with previously submitted values by default. SilverStripe forms automatically load values from request data (GET and POST), which enables malicious use of URLs if your form uses these fields and does not overwrite data on form construction. Readonly and disabled form fields are already filtered out in `saveInto()`, so maliciously submitted data on these fields does not make it into the database unless you are accessing form values directly in your saving logic.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-010/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-010/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51945?format=json","purl":"pkg:composer/silverstripe/framework@3.1.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/51946?format=json","purl":"pkg:composer/silverstripe/framework@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/51947?format=json","purl":"pkg:composer/silverstripe/framework@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/51948?format=json","purl":"pkg:composer/silverstripe/framework@3.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.2"}],"aliases":["SS-2016-010"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-upvz-qc95-nua2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11003?format=json","vulnerability_id":"VCID-uww2-1x5r-ufc6","summary":"XSS In OptionsetField and CheckboxSetField\nList of key / value pairs assigned to `OptionsetField` or `CheckboxSetField` do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML.","references":[{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2016-015/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2016-015/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51813?format=json","purl":"pkg:composer/silverstripe/framework@3.1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.20"},{"url":"http://public2.vulnerablecode.io/api/packages/51814?format=json","purl":"pkg:composer/silverstripe/framework@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/51815?format=json","purl":"pkg:composer/silverstripe/framework@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/51816?format=json","purl":"pkg:composer/silverstripe/framework@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/97166?format=json","purl":"pkg:composer/silverstripe/framework@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0-alpha1"}],"aliases":["SS-2016-015"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uww2-1x5r-ufc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11607?format=json","vulnerability_id":"VCID-vrv4-sy3z-jfe2","summary":"Cross-site Scripting\nSilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname.","references":[{"reference_url":"http://lists.openwall.net/full-disclosure/2017/09/14/2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openwall.net/full-disclosure/2017/09/14/2"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14498","reference_id":"","reference_type":"","scores":[{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59419","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14498"},{"reference_url":"https://docs.silverstripe.org/en/3/changelogs/3.6.1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.silverstripe.org/en/3/changelogs/3.6.1"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a"},{"reference_url":"https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14498","reference_id":"CVE-2017-14498","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14498"},{"reference_url":"https://github.com/advisories/GHSA-j696-6m57-mcrv","reference_id":"GHSA-j696-6m57-mcrv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j696-6m57-mcrv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105334?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2"},{"url":"http://public2.vulnerablecode.io/api/packages/53062?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1"}],"aliases":["CVE-2017-14498","GHSA-j696-6m57-mcrv"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vrv4-sy3z-jfe2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/137844?format=json","vulnerability_id":"VCID-x6g5-a61e-3khu","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59603","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12205"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12205"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12205","reference_id":"CVE-2019-12205","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12205"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12205","reference_id":"CVE-2019-12205","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12205"},{"reference_url":"https://github.com/advisories/GHSA-rfvw-5848-gxc5","reference_id":"GHSA-rfvw-5848-gxc5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rfvw-5848-gxc5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145313?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/74358?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/74360?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ywc-gcvd-73a9"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12205","GHSA-rfvw-5848-gxc5"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x6g5-a61e-3khu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11772?format=json","vulnerability_id":"VCID-xazf-vmz5-r3dj","summary":"Information Exposure\nResponse discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12849","reference_id":"","reference_type":"","scores":[{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.6047","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12849"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-005","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-005"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12849","reference_id":"CVE-2017-12849","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12849"},{"reference_url":"https://github.com/advisories/GHSA-fwhr-g5r4-xgxf","reference_id":"GHSA-fwhr-g5r4-xgxf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fwhr-g5r4-xgxf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/106111?format=json","purl":"pkg:composer/silverstripe/framework@3.5.5-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/53395?format=json","purl":"pkg:composer/silverstripe/framework@3.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/105334?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2"},{"url":"http://public2.vulnerablecode.io/api/packages/53062?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1"}],"aliases":["CVE-2017-12849","GHSA-fwhr-g5r4-xgxf"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xazf-vmz5-r3dj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13696?format=json","vulnerability_id":"VCID-yxg1-dz91-ckgs","summary":"Cross-Site Request Forgery (CSRF)\nCross Site Request Forgery (CSRF) Protection Bypass in GraphQL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12437","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41992","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12437"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12437","reference_id":"CVE-2019-12437","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12437"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12437","reference_id":"CVE-2019-12437","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12437"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145313?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-5j19-xx5v-fkck"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d62k-jng6-5fd8"},{"vulnerability":"VCID-dgmv-7v1e-k3b9"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-hj46-jp5w-ckd1"},{"vulnerability":"VCID-jc9t-3hb5-z3g5"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-qrhh-c86j-rqe6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"}],"aliases":["CVE-2019-12437","GHSA-fx37-56v6-85q6"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yxg1-dz91-ckgs"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10669?format=json","vulnerability_id":"VCID-1dx3-s2f2-4yha","summary":"Potential SQL Injection Vulnerability in silverstripe.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-011/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-011/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51207?format=json","purl":"pkg:composer/silverstripe/framework@3.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-empu-95n7-5qcq"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-farn-35ej-t7eg"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-fygk-h8hh-x3c9"},{"vulnerability":"VCID-gw4m-zbjs-3fgx"},{"vulnerability":"VCID-jh6m-gbpk-9ufc"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-tzgn-vazz-7kct"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/91935?format=json","purl":"pkg:composer/silverstripe/framework@3.1.0-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-empu-95n7-5qcq"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-farn-35ej-t7eg"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-fygk-h8hh-x3c9"},{"vulnerability":"VCID-gw4m-zbjs-3fgx"},{"vulnerability":"VCID-jh6m-gbpk-9ufc"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-tzgn-vazz-7kct"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/51208?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2742-7a2u-wqaz"},{"vulnerability":"VCID-333j-w32t-ufhn"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-b17s-mw1j-5bcp"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-empu-95n7-5qcq"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-farn-35ej-t7eg"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-fygk-h8hh-x3c9"},{"vulnerability":"VCID-gw4m-zbjs-3fgx"},{"vulnerability":"VCID-jh6m-gbpk-9ufc"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-tzgn-vazz-7kct"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-wnrg-ruds-wqb4"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"},{"vulnerability":"VCID-zfrs-mqe3-4be8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"},{"url":"http://public2.vulnerablecode.io/api/packages/90311?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2015-011-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1dx3-s2f2-4yha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10671?format=json","vulnerability_id":"VCID-d5e5-2zb7-8kdb","summary":"Code Injection\nVulnerability on `isDev`, `isTest` and `flush` `$_GET` validation.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-014/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-014/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51207?format=json","purl":"pkg:composer/silverstripe/framework@3.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-empu-95n7-5qcq"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-farn-35ej-t7eg"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-fygk-h8hh-x3c9"},{"vulnerability":"VCID-gw4m-zbjs-3fgx"},{"vulnerability":"VCID-jh6m-gbpk-9ufc"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-tzgn-vazz-7kct"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/91935?format=json","purl":"pkg:composer/silverstripe/framework@3.1.0-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-empu-95n7-5qcq"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-farn-35ej-t7eg"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-fygk-h8hh-x3c9"},{"vulnerability":"VCID-gw4m-zbjs-3fgx"},{"vulnerability":"VCID-jh6m-gbpk-9ufc"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-tzgn-vazz-7kct"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/51208?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2742-7a2u-wqaz"},{"vulnerability":"VCID-333j-w32t-ufhn"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-b17s-mw1j-5bcp"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-empu-95n7-5qcq"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-farn-35ej-t7eg"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-fygk-h8hh-x3c9"},{"vulnerability":"VCID-gw4m-zbjs-3fgx"},{"vulnerability":"VCID-jh6m-gbpk-9ufc"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-tzgn-vazz-7kct"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-wnrg-ruds-wqb4"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"},{"vulnerability":"VCID-zfrs-mqe3-4be8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"},{"url":"http://public2.vulnerablecode.io/api/packages/90311?format=json","purl":"pkg:composer/silverstripe/framework@4.12.0-rc1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1"}],"aliases":["SS-2015-014-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d5e5-2zb7-8kdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340843?format=json","vulnerability_id":"VCID-j2xt-jfey-5fej","summary":"SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-014-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-014-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/a978b891e13d22dddee7e0735a7032f13964447d","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/a978b891e13d22dddee7e0735a7032f13964447d"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/cb6717c3f85753bdc30087f280720c6d3f639ff3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/cb6717c3f85753bdc30087f280720c6d3f639ff3"},{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-014","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-014"},{"reference_url":"https://github.com/advisories/GHSA-g4hp-pfvf-vm5w","reference_id":"GHSA-g4hp-pfvf-vm5w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4hp-pfvf-vm5w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51207?format=json","purl":"pkg:composer/silverstripe/framework@3.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-empu-95n7-5qcq"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-farn-35ej-t7eg"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-fygk-h8hh-x3c9"},{"vulnerability":"VCID-gw4m-zbjs-3fgx"},{"vulnerability":"VCID-jh6m-gbpk-9ufc"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-tzgn-vazz-7kct"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/51208?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2742-7a2u-wqaz"},{"vulnerability":"VCID-333j-w32t-ufhn"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-b17s-mw1j-5bcp"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-empu-95n7-5qcq"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-farn-35ej-t7eg"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-fygk-h8hh-x3c9"},{"vulnerability":"VCID-gw4m-zbjs-3fgx"},{"vulnerability":"VCID-jh6m-gbpk-9ufc"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-tzgn-vazz-7kct"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-wnrg-ruds-wqb4"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"},{"vulnerability":"VCID-zfrs-mqe3-4be8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["GHSA-g4hp-pfvf-vm5w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j2xt-jfey-5fej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10670?format=json","vulnerability_id":"VCID-vg5p-7mgs-wfbz","summary":"URL Redirection to Untrusted Site (Open Redirect)\nExternal redirection risk in `Security?ReturnURL`.","references":[{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-012/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-012/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51207?format=json","purl":"pkg:composer/silverstripe/framework@3.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-empu-95n7-5qcq"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-farn-35ej-t7eg"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-fygk-h8hh-x3c9"},{"vulnerability":"VCID-gw4m-zbjs-3fgx"},{"vulnerability":"VCID-jh6m-gbpk-9ufc"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-tzgn-vazz-7kct"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/91935?format=json","purl":"pkg:composer/silverstripe/framework@3.1.0-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-empu-95n7-5qcq"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-farn-35ej-t7eg"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-fygk-h8hh-x3c9"},{"vulnerability":"VCID-gw4m-zbjs-3fgx"},{"vulnerability":"VCID-jh6m-gbpk-9ufc"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-tzgn-vazz-7kct"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.0-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/81456?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1dx3-s2f2-4yha"},{"vulnerability":"VCID-2742-7a2u-wqaz"},{"vulnerability":"VCID-333j-w32t-ufhn"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-b17s-mw1j-5bcp"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d5e5-2zb7-8kdb"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-empu-95n7-5qcq"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-farn-35ej-t7eg"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-fygk-h8hh-x3c9"},{"vulnerability":"VCID-gw4m-zbjs-3fgx"},{"vulnerability":"VCID-jh6m-gbpk-9ufc"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-tzgn-vazz-7kct"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-uyhe-p2xf-8qah"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-wnrg-ruds-wqb4"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yg8t-fs9x-xufb"},{"vulnerability":"VCID-yxg1-dz91-ckgs"},{"vulnerability":"VCID-zfrs-mqe3-4be8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/51208?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2742-7a2u-wqaz"},{"vulnerability":"VCID-333j-w32t-ufhn"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-b17s-mw1j-5bcp"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-empu-95n7-5qcq"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-farn-35ej-t7eg"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-fygk-h8hh-x3c9"},{"vulnerability":"VCID-gw4m-zbjs-3fgx"},{"vulnerability":"VCID-jh6m-gbpk-9ufc"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-tzgn-vazz-7kct"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-wnrg-ruds-wqb4"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"},{"vulnerability":"VCID-zfrs-mqe3-4be8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["SS-2015-012-1"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vg5p-7mgs-wfbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340841?format=json","vulnerability_id":"VCID-yg8t-fs9x-xufb","summary":"Silverstripe External redirection risk in Security?ReturnURL","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-012-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2015-012-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/22a35e48a9f513d4caa3b4e9b8dd21c49ffc8f2c","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/22a35e48a9f513d4caa3b4e9b8dd21c49ffc8f2c"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/c14e7f6b764ae4646461f3fc3a46452fdaa9e02a","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/c14e7f6b764ae4646461f3fc3a46452fdaa9e02a"},{"reference_url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-012","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/software/download/security-releases/ss-2015-012"},{"reference_url":"https://github.com/advisories/GHSA-vp8p-c6xj-xpj7","reference_id":"GHSA-vp8p-c6xj-xpj7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vp8p-c6xj-xpj7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51207?format=json","purl":"pkg:composer/silverstripe/framework@3.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-empu-95n7-5qcq"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-farn-35ej-t7eg"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-fygk-h8hh-x3c9"},{"vulnerability":"VCID-gw4m-zbjs-3fgx"},{"vulnerability":"VCID-jh6m-gbpk-9ufc"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-tzgn-vazz-7kct"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/51208?format=json","purl":"pkg:composer/silverstripe/framework@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2742-7a2u-wqaz"},{"vulnerability":"VCID-333j-w32t-ufhn"},{"vulnerability":"VCID-3497-71mw-yqh8"},{"vulnerability":"VCID-4mg2-rjsn-qyfx"},{"vulnerability":"VCID-5ccd-zu9e-yfgp"},{"vulnerability":"VCID-6e1y-7jj8-a7cw"},{"vulnerability":"VCID-7kmy-8ht6-8fcw"},{"vulnerability":"VCID-7me4-ggep-sbhj"},{"vulnerability":"VCID-7uum-b28k-nqbm"},{"vulnerability":"VCID-7wzc-kyxs-wbc2"},{"vulnerability":"VCID-89jy-34ks-5kds"},{"vulnerability":"VCID-8csb-m7rv-xyh2"},{"vulnerability":"VCID-91wy-94bg-bfc3"},{"vulnerability":"VCID-9vwe-uejx-c3c5"},{"vulnerability":"VCID-a95a-ygek-hfby"},{"vulnerability":"VCID-b17s-mw1j-5bcp"},{"vulnerability":"VCID-bexp-ws1g-1fdu"},{"vulnerability":"VCID-cskj-c9ur-47dj"},{"vulnerability":"VCID-d9he-ahd2-xkde"},{"vulnerability":"VCID-djww-2v4e-qkb2"},{"vulnerability":"VCID-empu-95n7-5qcq"},{"vulnerability":"VCID-eu6p-szkb-m7b1"},{"vulnerability":"VCID-farn-35ej-t7eg"},{"vulnerability":"VCID-fn6y-hytc-r3b5"},{"vulnerability":"VCID-fygk-h8hh-x3c9"},{"vulnerability":"VCID-gw4m-zbjs-3fgx"},{"vulnerability":"VCID-jh6m-gbpk-9ufc"},{"vulnerability":"VCID-k1aa-deyg-2kdg"},{"vulnerability":"VCID-k6ed-y2ud-wffu"},{"vulnerability":"VCID-km94-727n-nfa6"},{"vulnerability":"VCID-ku6h-zhz1-8ydr"},{"vulnerability":"VCID-m2bw-tabk-qyd8"},{"vulnerability":"VCID-mvra-6wnv-xya1"},{"vulnerability":"VCID-pq7w-n99a-q7cj"},{"vulnerability":"VCID-qrhh-c86j-rqe6"},{"vulnerability":"VCID-tp75-2k7m-6yaw"},{"vulnerability":"VCID-tzgn-vazz-7kct"},{"vulnerability":"VCID-u7hh-49t3-13df"},{"vulnerability":"VCID-ud6e-smr7-vffw"},{"vulnerability":"VCID-upvz-qc95-nua2"},{"vulnerability":"VCID-uww2-1x5r-ufc6"},{"vulnerability":"VCID-vrv4-sy3z-jfe2"},{"vulnerability":"VCID-wnrg-ruds-wqb4"},{"vulnerability":"VCID-x6g5-a61e-3khu"},{"vulnerability":"VCID-xazf-vmz5-r3dj"},{"vulnerability":"VCID-yxg1-dz91-ckgs"},{"vulnerability":"VCID-zfrs-mqe3-4be8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.1.13"}],"aliases":["GHSA-vp8p-c6xj-xpj7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yg8t-fs9x-xufb"}],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.0.14"}