{"url":"http://public2.vulnerablecode.io/api/packages/53314?format=json","purl":"pkg:composer/silverstripe/framework@3.5.0","type":"composer","namespace":"silverstripe","name":"framework","version":"3.5.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.3.23","latest_non_vulnerable_version":"6.0.0-alpha1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56522?format=json","vulnerability_id":"VCID-11sx-j3x7-gkcr","summary":"Reflected Cross Site Scripting (XSS) in error message\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-002.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2024-002","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2024-002"},{"reference_url":"https://github.com/advisories/GHSA-74j9-xhqr-6qv3","reference_id":"GHSA-74j9-xhqr-6qv3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-74j9-xhqr-6qv3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83724?format=json","purl":"pkg:composer/silverstripe/framework@5.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-79qx-v5uu-jyf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8"}],"aliases":["GHSA-74j9-xhqr-6qv3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11sx-j3x7-gkcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40907?format=json","vulnerability_id":"VCID-1mmc-91gk-r3d3","summary":"SilverStripe allowss Reflected SQL Injection through Form and `DataObject`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5715","reference_id":"","reference_type":"","scores":[{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55605","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55549","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5715"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-5715.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/issues/8814","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/issues/8814"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5715","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5715"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2018-021","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2018-021"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57785?format=json","purl":"pkg:composer/silverstripe/framework@3.6.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.7"},{"url":"http://public2.vulnerablecode.io/api/packages/57786?format=json","purl":"pkg:composer/silverstripe/framework@3.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/57787?format=json","purl":"pkg:composer/silverstripe/framework@4.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/57788?format=json","purl":"pkg:composer/silverstripe/framework@4.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-z94y-nz4f-y7er"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/57789?format=json","purl":"pkg:composer/silverstripe/framework@4.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-z94y-nz4f-y7er"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/57790?format=json","purl":"pkg:composer/silverstripe/framework@4.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-z94y-nz4f-y7er"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.1"}],"aliases":["CVE-2019-5715","GHSA-wvfw-w3x6-g526"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1mmc-91gk-r3d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110589?format=json","vulnerability_id":"VCID-1p79-328x-sueq","summary":"Quadratic blowup in Convert::xml2array()\nSilverstripe silverstripe/framework 4.x until 4.10.9 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41559","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57671","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57619","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41559"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2021-41559.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/releases"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41559","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41559"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2021-41559","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2021-41559"},{"reference_url":"https://github.com/advisories/GHSA-9fmg-89fx-r33w","reference_id":"GHSA-9fmg-89fx-r33w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9fmg-89fx-r33w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/149279?format=json","purl":"pkg:composer/silverstripe/framework@4.10.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.9"},{"url":"http://public2.vulnerablecode.io/api/packages/595466?format=json","purl":"pkg:composer/silverstripe/framework@4.11.0-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.0-beta1"}],"aliases":["CVE-2021-41559","GHSA-9fmg-89fx-r33w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1p79-328x-sueq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55022?format=json","vulnerability_id":"VCID-37d1-tt74-yyfm","summary":"silverstripe/framework users inadvertently passing sensitive data to LoginAttempt\nAll user login attempts are logged in the database in the LoginAttempt table. However, this table contains information in plain text, and may possible contain sensitive information, such as user passwords mis-typed into the username field.\n\nIn order to address this a one-way hash is applied to the Email field before being stored.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-009-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-009-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/3e2bcaa0b49277ff7f7004b265a7fa80d0b92e5c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/3e2bcaa0b49277ff7f7004b265a7fa80d0b92e5c"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/c5d6eb816d4ac5e9fa3d8bc4bd82de95719eb22d","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/c5d6eb816d4ac5e9fa3d8bc4bd82de95719eb22d"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/f1dd3d6f03eb1d94c29c495994a1da9176a758d9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/f1dd3d6f03eb1d94c29c495994a1da9176a758d9"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-009","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-009"},{"reference_url":"https://github.com/advisories/GHSA-ph62-fv59-vf9h","reference_id":"GHSA-ph62-fv59-vf9h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ph62-fv59-vf9h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54915?format=json","purl":"pkg:composer/silverstripe/framework@3.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/54916?format=json","purl":"pkg:composer/silverstripe/framework@3.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/54917?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aj7q-x4hc-xbdm"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-g7kn-gn2m-myc3"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h9g1-7wez-8qft"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-m3us-9sft-wbh8"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-p2m9-rejx-e3e9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tsdn-bu3d-ubaf"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-yxuh-bxh5-z3cw"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"}],"aliases":["GHSA-ph62-fv59-vf9h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37d1-tt74-yyfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55030?format=json","vulnerability_id":"VCID-3j6f-5c14-uubc","summary":"silverstripe/framework has Cross-site Scripting vulnerability in page history comparison\nAuthenticated user with page edit permission can craft HTML, which when rendered in a page history comparison can execute client scripts.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-004-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-004-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/2b72c0f73b668ddf7c059319da915a6c08652278","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/2b72c0f73b668ddf7c059319da915a6c08652278"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-004","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-004"},{"reference_url":"https://github.com/advisories/GHSA-c4c3-j73v-634r","reference_id":"GHSA-c4c3-j73v-634r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c4c3-j73v-634r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54434?format=json","purl":"pkg:composer/silverstripe/framework@3.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h1y5-n4b7-ckg6"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"},{"vulnerability":"VCID-znbg-16r4-6ybg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.4"}],"aliases":["GHSA-c4c3-j73v-634r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3j6f-5c14-uubc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39021?format=json","vulnerability_id":"VCID-3x46-q9cb-7ubg","summary":"Information Exposure\nResponse discrepancy in the login and password reset forms in SilverStripe CMS allows remote attackers to enumerate users via timing attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12849","reference_id":"","reference_type":"","scores":[{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60505","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60553","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12849"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-005","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-005"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12849","reference_id":"CVE-2017-12849","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12849"},{"reference_url":"https://github.com/advisories/GHSA-fwhr-g5r4-xgxf","reference_id":"GHSA-fwhr-g5r4-xgxf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fwhr-g5r4-xgxf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/213679?format=json","purl":"pkg:composer/silverstripe/framework@3.5.5-beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h1y5-n4b7-ckg6"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"},{"vulnerability":"VCID-znbg-16r4-6ybg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5-beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/54435?format=json","purl":"pkg:composer/silverstripe/framework@3.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"},{"vulnerability":"VCID-znbg-16r4-6ybg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/213034?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h1y5-n4b7-ckg6"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"},{"vulnerability":"VCID-znbg-16r4-6ybg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2"},{"url":"http://public2.vulnerablecode.io/api/packages/54103?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h1y5-n4b7-ckg6"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"},{"vulnerability":"VCID-znbg-16r4-6ybg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1"}],"aliases":["CVE-2017-12849","GHSA-fwhr-g5r4-xgxf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3x46-q9cb-7ubg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55033?format=json","vulnerability_id":"VCID-4qjj-wqg5-dbay","summary":"silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage\nRedirectorPage will allow users to specify a non-url malicious script as the redirection path without validation. Users which follow this url may allow this script to execute within their browser.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-003-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-003-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-003","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-003"},{"reference_url":"https://github.com/advisories/GHSA-pp7q-6j3f-74vj","reference_id":"GHSA-pp7q-6j3f-74vj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pp7q-6j3f-74vj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54434?format=json","purl":"pkg:composer/silverstripe/framework@3.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h1y5-n4b7-ckg6"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"},{"vulnerability":"VCID-znbg-16r4-6ybg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.4"}],"aliases":["GHSA-pp7q-6j3f-74vj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4qjj-wqg5-dbay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56456?format=json","vulnerability_id":"VCID-5cfa-whq6-9ucp","summary":"Silverstripe Framework has a XSS in form messages\nIn some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message.\n\nSome form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53277","reference_id":"","reference_type":"","scores":[{"value":"0.01452","scoring_system":"epss","scoring_elements":"0.81169","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53277"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/74904f539347b7d1f8c5b5fb9e28d62ff251ee00"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53277","reference_id":"CVE-2024-53277","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53277"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2024-53277","reference_id":"CVE-2024-53277","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/"}],"url":"https://www.silverstripe.org/download/security-releases/cve-2024-53277"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml","reference_id":"CVE-2024-53277.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-53277.yaml"},{"reference_url":"https://github.com/advisories/GHSA-ff6q-3c9c-6cf5","reference_id":"GHSA-ff6q-3c9c-6cf5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-ff6q-3c9c-6cf5"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5","reference_id":"GHSA-ff6q-3c9c-6cf5","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:52:17Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-ff6q-3c9c-6cf5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83724?format=json","purl":"pkg:composer/silverstripe/framework@5.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-79qx-v5uu-jyf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/794824?format=json","purl":"pkg:composer/silverstripe/framework@6.0.0-alpha1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1"}],"aliases":["CVE-2024-53277","GHSA-ff6q-3c9c-6cf5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5cfa-whq6-9ucp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57123?format=json","vulnerability_id":"VCID-79qx-v5uu-jyf2","summary":"Silverstripe Framework has a XSS vulnerability in HTML editor\nA bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.\n\nThe server-side sanitisation logic has been updated to sanitise against this attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30148","reference_id":"","reference_type":"","scores":[{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45229","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30148"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/e99cfd62d160d145a76fcf9631e6b11226e42358"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/pull/11682","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/pull/11682"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30148","reference_id":"CVE-2025-30148","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30148"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2025-30148","reference_id":"CVE-2025-30148","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/"}],"url":"https://www.silverstripe.org/download/security-releases/cve-2025-30148"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml","reference_id":"CVE-2025-30148.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2025-30148.yaml"},{"reference_url":"https://github.com/advisories/GHSA-rhx4-hvx9-j387","reference_id":"GHSA-rhx4-hvx9-j387","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rhx4-hvx9-j387"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387","reference_id":"GHSA-rhx4-hvx9-j387","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T13:34:01Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-rhx4-hvx9-j387"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84817?format=json","purl":"pkg:composer/silverstripe/framework@5.3.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.23"}],"aliases":["CVE-2025-30148","GHSA-rhx4-hvx9-j387"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-79qx-v5uu-jyf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51855?format=json","vulnerability_id":"VCID-7hxq-cp29-r7dh","summary":"Cross-site Scripting\nIn SilverStripe asset-admin, there is XSS in file titles managed through the CMS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14272","reference_id":"","reference_type":"","scores":[{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57587","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57535","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14272"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14272.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14272","reference_id":"CVE-2019-14272","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14272"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14272","reference_id":"CVE-2019-14272","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14272"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/215640?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a1p9-cwzb-kbgb"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aj7q-x4hc-xbdm"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-g7kn-gn2m-myc3"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h9g1-7wez-8qft"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-m3us-9sft-wbh8"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-p2m9-rejx-e3e9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tsdn-bu3d-ubaf"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-yxuh-bxh5-z3cw"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/54917?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aj7q-x4hc-xbdm"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-g7kn-gn2m-myc3"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h9g1-7wez-8qft"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-m3us-9sft-wbh8"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-p2m9-rejx-e3e9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tsdn-bu3d-ubaf"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-yxuh-bxh5-z3cw"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/76174?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/76175?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-5dt7-nc8t-nqgh"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-14272","GHSA-jgw2-f5mx-rg7h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7hxq-cp29-r7dh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56468?format=json","vulnerability_id":"VCID-86vg-4j71-hkgr","summary":"Silverstripe Framework has a XSS via insert media remote file oembed\nWhen using the \"insert media\" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47605","reference_id":"","reference_type":"","scores":[{"value":"0.07112","scoring_system":"epss","scoring_elements":"0.91697","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47605"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/09b5052c86932f273e0d733428c9aade70ff2a4a"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt","reference_id":"CVE-2024-47605","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52199.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47605","reference_id":"CVE-2024-47605","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47605"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2024-47605","reference_id":"CVE-2024-47605","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/"}],"url":"https://www.silverstripe.org/download/security-releases/cve-2024-47605"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml","reference_id":"CVE-2024-47605.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-47605.yaml"},{"reference_url":"https://github.com/advisories/GHSA-7cmp-cgg8-4c82","reference_id":"GHSA-7cmp-cgg8-4c82","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7cmp-cgg8-4c82"},{"reference_url":"https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82","reference_id":"GHSA-7cmp-cgg8-4c82","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:53:47Z/"}],"url":"https://github.com/silverstripe/silverstripe-asset-admin/security/advisories/GHSA-7cmp-cgg8-4c82"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83724?format=json","purl":"pkg:composer/silverstripe/framework@5.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-79qx-v5uu-jyf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/794824?format=json","purl":"pkg:composer/silverstripe/framework@6.0.0-alpha1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1"}],"aliases":["CVE-2024-47605","GHSA-7cmp-cgg8-4c82"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-86vg-4j71-hkgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56477?format=json","vulnerability_id":"VCID-8u5c-6vx3-mfcr","summary":"Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message\n> [!IMPORTANT]\n> This vulnerability only affects sites which are in the \"dev\" environment mode. If your production website is in \"dev\" mode, it has been misconfigured, and you should immediately swap it to \"live\" mode.\n> See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information.\n\nIf a website has been set to the \"dev\" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/a555dad4ec73c929f6316bcb4019eb325a5b77d8"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2024-002","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2024-002"},{"reference_url":"https://github.com/advisories/GHSA-mqf3-qpc3-g26q","reference_id":"GHSA-mqf3-qpc3-g26q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mqf3-qpc3-g26q"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q","reference_id":"GHSA-mqf3-qpc3-g26q","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-mqf3-qpc3-g26q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83724?format=json","purl":"pkg:composer/silverstripe/framework@5.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-79qx-v5uu-jyf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/794824?format=json","purl":"pkg:composer/silverstripe/framework@6.0.0-alpha1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@6.0.0-alpha1"}],"aliases":["GHSA-mqf3-qpc3-g26q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8u5c-6vx3-mfcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46874?format=json","vulnerability_id":"VCID-9y5u-qyzd-3ud9","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nSilverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48714","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45478","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48714"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-48714.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48714","reference_id":"CVE-2023-48714","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48714"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2023-48714","reference_id":"CVE-2023-48714","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/"}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2023-48714"},{"reference_url":"https://github.com/advisories/GHSA-qm2j-qvq3-j29v","reference_id":"GHSA-qm2j-qvq3-j29v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qm2j-qvq3-j29v"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v","reference_id":"GHSA-qm2j-qvq3-j29v","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T23:32:05Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-qm2j-qvq3-j29v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68579?format=json","purl":"pkg:composer/silverstripe/framework@4.13.39","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.39"},{"url":"http://public2.vulnerablecode.io/api/packages/68580?format=json","purl":"pkg:composer/silverstripe/framework@5.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.1.11"}],"aliases":["CVE-2023-48714","GHSA-qm2j-qvq3-j29v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9y5u-qyzd-3ud9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45052?format=json","vulnerability_id":"VCID-a7cf-kpzy-xudd","summary":"URL Redirection to Untrusted Site ('Open Redirect')\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22729","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42323","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42248","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22729"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22729.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/1a5bb4cbece1721203977910b8ecd8b79c18dc77"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2023-22729","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2023-22729"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22729","reference_id":"CVE-2023-22729","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22729"},{"reference_url":"https://github.com/advisories/GHSA-fw84-xgm8-9jmv","reference_id":"GHSA-fw84-xgm8-9jmv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fw84-xgm8-9jmv"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv","reference_id":"GHSA-fw84-xgm8-9jmv","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:14Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64977?format=json","purl":"pkg:composer/silverstripe/framework@4.12.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5"}],"aliases":["CVE-2023-22729","GHSA-fw84-xgm8-9jmv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a7cf-kpzy-xudd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55043?format=json","vulnerability_id":"VCID-aygc-4nhm-n7eq","summary":"silverstripe/framework SQL injection in full text search\nWhen performing a fulltext search in SilverStripe 4.0.0 the 'start' querystring parameter is never escaped safely. This exposes a possible SQL injection vulnerability.\n\nThe issue exists in 3.5 and 3.6 but is less vulnerable, as SearchForm sanitises these variables prior to passing to mysql.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-008-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-008-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/099a5a3c2d99ed39bdd8815e1e2790bb9351770b","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/099a5a3c2d99ed39bdd8815e1e2790bb9351770b"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/a8465900bdc77199176c953890ce7587045b1ea4","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/a8465900bdc77199176c953890ce7587045b1ea4"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-008","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-008"},{"reference_url":"https://github.com/advisories/GHSA-xx4r-5265-48j6","reference_id":"GHSA-xx4r-5265-48j6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xx4r-5265-48j6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54915?format=json","purl":"pkg:composer/silverstripe/framework@3.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/54916?format=json","purl":"pkg:composer/silverstripe/framework@3.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/54917?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aj7q-x4hc-xbdm"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-g7kn-gn2m-myc3"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h9g1-7wez-8qft"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-m3us-9sft-wbh8"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-p2m9-rejx-e3e9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tsdn-bu3d-ubaf"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-yxuh-bxh5-z3cw"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"}],"aliases":["GHSA-xx4r-5265-48j6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aygc-4nhm-n7eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51851?format=json","vulnerability_id":"VCID-b6nm-cphj-wfgw","summary":"Improper Privilege Management\nIn SilverStripe, there is access escalation for CMS users with limited access through permission cache pollution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12617","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53948","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54005","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12617"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12617.yaml"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12617","reference_id":"CVE-2019-12617","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12617"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617/","reference_id":"CVE-2019-12617","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12617/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12617","reference_id":"CVE-2019-12617","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12617"},{"reference_url":"https://github.com/advisories/GHSA-6r58-4xgr-gm6m","reference_id":"GHSA-6r58-4xgr-gm6m","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6r58-4xgr-gm6m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/75986?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/76174?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/76175?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-5dt7-nc8t-nqgh"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12617","GHSA-6r58-4xgr-gm6m"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b6nm-cphj-wfgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38848?format=json","vulnerability_id":"VCID-b95v-49p7-fkas","summary":"Cross-site Scripting\nSilverStripe CMS has an XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an `admin/assets/add` pathname.","references":[{"reference_url":"http://lists.openwall.net/full-disclosure/2017/09/14/2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openwall.net/full-disclosure/2017/09/14/2"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14498","reference_id":"","reference_type":"","scores":[{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59498","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59447","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14498"},{"reference_url":"https://docs.silverstripe.org/en/3/changelogs/3.6.1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.silverstripe.org/en/3/changelogs/3.6.1"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a"},{"reference_url":"https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14498","reference_id":"CVE-2017-14498","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14498"},{"reference_url":"https://github.com/advisories/GHSA-j696-6m57-mcrv","reference_id":"GHSA-j696-6m57-mcrv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j696-6m57-mcrv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/213034?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h1y5-n4b7-ckg6"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"},{"vulnerability":"VCID-znbg-16r4-6ybg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1-alpha2"},{"url":"http://public2.vulnerablecode.io/api/packages/54103?format=json","purl":"pkg:composer/silverstripe/framework@3.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h1y5-n4b7-ckg6"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"},{"vulnerability":"VCID-znbg-16r4-6ybg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.1"}],"aliases":["CVE-2017-14498","GHSA-j696-6m57-mcrv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b95v-49p7-fkas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55023?format=json","vulnerability_id":"VCID-bwrh-updj-zkfs","summary":"silverstripe/framework member disclosure in login form\nThere is a user ID enumeration vulnerability in our brute force error messages.\n\n- Users that don't exist in will never get a locked out message\n- Users that do exist, will get a locked out message\n\nThis means an attacker can infer or confirm user details that exist in the member table.\n\nThis issue has been resolved by ensuring that login attempt logging and lockout process works equivalently for non-existent users as it does for existant users.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-002-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-002-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/f71efb5063c57d823dd130b9bfd018f6ef903d49","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/f71efb5063c57d823dd130b9bfd018f6ef903d49"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-002","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-002"},{"reference_url":"https://github.com/advisories/GHSA-g84q-cq55-xwgp","reference_id":"GHSA-g84q-cq55-xwgp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g84q-cq55-xwgp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54434?format=json","purl":"pkg:composer/silverstripe/framework@3.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h1y5-n4b7-ckg6"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"},{"vulnerability":"VCID-znbg-16r4-6ybg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.4"}],"aliases":["GHSA-g84q-cq55-xwgp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bwrh-updj-zkfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38498?format=json","vulnerability_id":"VCID-c6bz-jwhm-vkgp","summary":"Cross-site Scripting\nThere is an XSS in SilverStripe CMS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5197","reference_id":"","reference_type":"","scores":[{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.5014","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50201","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5197"},{"reference_url":"https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123234141/http://www.securityfocus.com/bid/96572"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"http://www.securityfocus.com/bid/96572","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/96572"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5197","reference_id":"CVE-2017-5197","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5197"},{"reference_url":"https://github.com/advisories/GHSA-xmjh-wjc5-wg4h","reference_id":"GHSA-xmjh-wjc5-wg4h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xmjh-wjc5-wg4h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53252?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-3j6f-5c14-uubc"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4qjj-wqg5-dbay"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-bwrh-updj-zkfs"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h1y5-n4b7-ckg6"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-njph-ua7r-auaq"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-sg62-98yy-2kd7"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"},{"vulnerability":"VCID-znbg-16r4-6ybg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/53317?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-3j6f-5c14-uubc"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4qjj-wqg5-dbay"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-bwrh-updj-zkfs"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h1y5-n4b7-ckg6"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"},{"vulnerability":"VCID-znbg-16r4-6ybg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2"}],"aliases":["CVE-2017-5197","GHSA-xmjh-wjc5-wg4h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c6bz-jwhm-vkgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51839?format=json","vulnerability_id":"VCID-cmwn-cjff-9qau","summary":"Session Fixation\nSilverStripe allows session fixation in the \"change password\" form.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12203","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17184","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17108","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12203"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12203.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/blob/4/docs/en/04_Changelogs/4.4.4.md#444"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12203","reference_id":"CVE-2019-12203","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12203"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203/","reference_id":"CVE-2019-12203","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12203/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12203","reference_id":"CVE-2019-12203","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12203"},{"reference_url":"https://github.com/advisories/GHSA-w7r7-r8r9-vrg2","reference_id":"GHSA-w7r7-r8r9-vrg2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w7r7-r8r9-vrg2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/144275?format=json","purl":"pkg:composer/silverstripe/framework@3.6.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8"},{"url":"http://public2.vulnerablecode.io/api/packages/144274?format=json","purl":"pkg:composer/silverstripe/framework@3.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/75986?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/76174?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/76175?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-5dt7-nc8t-nqgh"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12203","GHSA-w7r7-r8r9-vrg2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cmwn-cjff-9qau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55028?format=json","vulnerability_id":"VCID-fm87-te3v-pkc8","summary":"silverstripe/framework CSV Excel Macro Injection\nIn the CSV export feature of the CMS it's possible for the output to contain macros and scripts, which if imported without sanitisation into software (including Microsoft Excel) may be executed.\n\nIn order to safeguard against this threat all potentially executable cell values exported from CSV will be prepended with a literal tab character.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-007-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-007-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/55739fa5af6171594b2cb4f3621d5fcce5e887d4","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/55739fa5af6171594b2cb4f3621d5fcce5e887d4"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/cfe1d4f481bf53ea8da2b8608a563e207d923df9","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/cfe1d4f481bf53ea8da2b8608a563e207d923df9"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/dd4c5417e7592e29e698af428b72bdb9b6729797","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/dd4c5417e7592e29e698af428b72bdb9b6729797"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-007","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-007"},{"reference_url":"https://github.com/advisories/GHSA-mqjc-x563-c9q8","reference_id":"GHSA-mqjc-x563-c9q8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mqjc-x563-c9q8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54915?format=json","purl":"pkg:composer/silverstripe/framework@3.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/54916?format=json","purl":"pkg:composer/silverstripe/framework@3.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/54917?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aj7q-x4hc-xbdm"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-g7kn-gn2m-myc3"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h9g1-7wez-8qft"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-m3us-9sft-wbh8"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-p2m9-rejx-e3e9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tsdn-bu3d-ubaf"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-yxuh-bxh5-z3cw"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"}],"aliases":["GHSA-mqjc-x563-c9q8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fm87-te3v-pkc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45758?format=json","vulnerability_id":"VCID-gnpw-s9hp-wqfs","summary":"Improper Input Validation\nSilverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-32302.yaml"},{"reference_url":"https://github.com/github/advisory-database/pull/2575","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/advisory-database/pull/2575"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/7b21b38ac4532d06565dfcefad50540ebd2b50f4"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/releases/tag/4.13.14"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/releases/tag/5.0.13"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2023-32302","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2023-32302"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32302","reference_id":"CVE-2023-32302","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32302"},{"reference_url":"https://github.com/advisories/GHSA-36xx-7vf6-7mv3","reference_id":"GHSA-36xx-7vf6-7mv3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-36xx-7vf6-7mv3"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3","reference_id":"GHSA-36xx-7vf6-7mv3","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-36xx-7vf6-7mv3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66345?format=json","purl":"pkg:composer/silverstripe/framework@4.13.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.13.14"},{"url":"http://public2.vulnerablecode.io/api/packages/66346?format=json","purl":"pkg:composer/silverstripe/framework@5.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.0.13"}],"aliases":["CVE-2023-32302","GHSA-36xx-7vf6-7mv3"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gnpw-s9hp-wqfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55036?format=json","vulnerability_id":"VCID-h1y5-n4b7-ckg6","summary":"silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms\nUser enumeration is possible by performing a timing attack on the login or password reset pages with user credentials.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-005-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-005-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/f0262a8fd9ab5fb51b178ace3c3487351217f5a0","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/f0262a8fd9ab5fb51b178ace3c3487351217f5a0"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-005","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-005"},{"reference_url":"https://github.com/advisories/GHSA-7m2v-x7rg-5hm5","reference_id":"GHSA-7m2v-x7rg-5hm5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7m2v-x7rg-5hm5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54435?format=json","purl":"pkg:composer/silverstripe/framework@3.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"},{"vulnerability":"VCID-znbg-16r4-6ybg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/54913?format=json","purl":"pkg:composer/silverstripe/framework@3.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"},{"vulnerability":"VCID-znbg-16r4-6ybg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.2"}],"aliases":["GHSA-7m2v-x7rg-5hm5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h1y5-n4b7-ckg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42251?format=json","vulnerability_id":"VCID-hcuz-gz3w-97ew","summary":"Business Logic Errors in GitHub repository silverstripe/silverstripe-framework","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/cbf2987a616e9ef4d7eccae5d763ef2179bdbcc2"},{"reference_url":"https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/35631e3a-f4b9-41ad-857c-7e3021932a72"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0227","reference_id":"CVE-2022-0227","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0227"},{"reference_url":"https://github.com/advisories/GHSA-32m2-9f76-4gv8","reference_id":"GHSA-32m2-9f76-4gv8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-32m2-9f76-4gv8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60382?format=json","purl":"pkg:composer/silverstripe/framework@4.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.10.1"}],"aliases":["CVE-2022-0227","GHSA-32m2-9f76-4gv8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hcuz-gz3w-97ew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55532?format=json","vulnerability_id":"VCID-k46z-g6jp-57ek","summary":"Silverstripe uses TinyMCE which allows svg files linked in object tags\nTinyMCE v6 has a configuration value `convert_unsafe_embeds` set to `false` which allows svg files containing javascript to be used in `<object>` or `<embed>` tags, which can be used as a vector for XSS attacks.\n\nNote that `<embed>` tags are not allowed by default.\n\nAfter patching the default value of `convert_unsafe_embeds` will be set to `true`. This means that `<object>` tags will be converted to iframes instead the next time the page is saved, which may break any pages that rely upon previously saved `<object>` tags. Developers can override this configuration if desired to revert to the original behaviour.\n\nWe reviewed the potential impact of this vulnerability within the context of Silverstripe CMS. We concluded this is a medium impact vulnerability given how TinyMCE is used by Silverstripe CMS.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2024-001.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2024-001","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2024-001"},{"reference_url":"https://github.com/advisories/GHSA-52cw-pvq9-9m5v","reference_id":"GHSA-52cw-pvq9-9m5v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-52cw-pvq9-9m5v"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v","reference_id":"GHSA-52cw-pvq9-9m5v","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-52cw-pvq9-9m5v"},{"reference_url":"https://github.com/advisories/GHSA-5359-pvf2-pw78","reference_id":"GHSA-5359-pvf2-pw78","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5359-pvf2-pw78"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82195?format=json","purl":"pkg:composer/silverstripe/framework@5.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16"}],"aliases":["GHSA-52cw-pvq9-9m5v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k46z-g6jp-57ek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55529?format=json","vulnerability_id":"VCID-ky21-z2d2-sye6","summary":"Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload\nA bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it.\n\nThe server-side sanitisation logic has been updated to sanitise against this type of attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32981","reference_id":"","reference_type":"","scores":[{"value":"0.0105","scoring_system":"epss","scoring_elements":"0.7791","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32981"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/b8d20dc9d531550e06fd7da7a0eafa551922e2e1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32981","reference_id":"CVE-2024-32981","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32981"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2024-32981","reference_id":"CVE-2024-32981","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/"}],"url":"https://www.silverstripe.org/download/security-releases/cve-2024-32981"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml","reference_id":"CVE-2024-32981.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2024-32981.yaml"},{"reference_url":"https://github.com/advisories/GHSA-chx7-9x8h-r5mg","reference_id":"GHSA-chx7-9x8h-r5mg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-chx7-9x8h-r5mg"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg","reference_id":"GHSA-chx7-9x8h-r5mg","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-18T13:18:39Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-chx7-9x8h-r5mg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82195?format=json","purl":"pkg:composer/silverstripe/framework@5.2.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@5.2.16"}],"aliases":["CVE-2024-32981","GHSA-chx7-9x8h-r5mg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ky21-z2d2-sye6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51853?format=json","vulnerability_id":"VCID-mkex-ht2r-cucz","summary":"Files or Directories Accessible to External Parties\nIn SilverStripe, there is broken access control on files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14273","reference_id":"","reference_type":"","scores":[{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56702","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56754","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14273"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-14273.yaml"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14273","reference_id":"CVE-2019-14273","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14273"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14273","reference_id":"CVE-2019-14273","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-14273"},{"reference_url":"https://github.com/advisories/GHSA-43jj-2rwc-2m3f","reference_id":"GHSA-43jj-2rwc-2m3f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-43jj-2rwc-2m3f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/215640?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a1p9-cwzb-kbgb"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aj7q-x4hc-xbdm"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-g7kn-gn2m-myc3"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h9g1-7wez-8qft"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-m3us-9sft-wbh8"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-p2m9-rejx-e3e9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tsdn-bu3d-ubaf"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-yxuh-bxh5-z3cw"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/54917?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aj7q-x4hc-xbdm"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-g7kn-gn2m-myc3"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h9g1-7wez-8qft"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-m3us-9sft-wbh8"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-p2m9-rejx-e3e9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tsdn-bu3d-ubaf"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-yxuh-bxh5-z3cw"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/76174?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/76175?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-5dt7-nc8t-nqgh"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-14273","GHSA-43jj-2rwc-2m3f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mkex-ht2r-cucz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41545?format=json","vulnerability_id":"VCID-n4fk-735u-2baw","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nSilverStripe Framework suffers from a XSS vulnerablity.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36150","reference_id":"","reference_type":"","scores":[{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.5931","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00372","scoring_system":"epss","scoring_elements":"0.5926","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36150"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/CVE-2021-36150.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/releases"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36150","reference_id":"CVE-2021-36150","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36150"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2021-36150","reference_id":"CVE-2021-36150","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2021-36150"},{"reference_url":"https://github.com/advisories/GHSA-j66h-cc96-c32q","reference_id":"GHSA-j66h-cc96-c32q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j66h-cc96-c32q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/537575?format=json","purl":"pkg:composer/silverstripe/framework@4.9.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0-alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/59222?format=json","purl":"pkg:composer/silverstripe/framework@4.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.9.0"}],"aliases":["CVE-2021-36150","GHSA-j66h-cc96-c32q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4fk-735u-2baw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55045?format=json","vulnerability_id":"VCID-njph-ua7r-auaq","summary":"silverstripe/framework has Cross-site Scripting vulnerability in page name\nsilverstripe/framework is vulnerable to XSS in Page name where the payload `\"><svg/onload=alert(/xss/)>` will trigger an XSS alert.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-001-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-001-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/9574d627f95aca7ae0fcefcae2bf56215777e190","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/9574d627f95aca7ae0fcefcae2bf56215777e190"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-001","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-001"},{"reference_url":"https://github.com/advisories/GHSA-hhvj-mcrx-3vcf","reference_id":"GHSA-hhvj-mcrx-3vcf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hhvj-mcrx-3vcf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53317?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-3j6f-5c14-uubc"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4qjj-wqg5-dbay"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-bwrh-updj-zkfs"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h1y5-n4b7-ckg6"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"},{"vulnerability":"VCID-znbg-16r4-6ybg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2"}],"aliases":["GHSA-hhvj-mcrx-3vcf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njph-ua7r-auaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51842?format=json","vulnerability_id":"VCID-nute-ndg2-z7ev","summary":"Cross-site Scripting\nSilverStripe has Flash Clipboard Reflected XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59631","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59681","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12205"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12205.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-admin/commit/6e6fa5c618b9dbf4cc0a56704834bfa1d5b0d18e"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12205","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12205"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12205","reference_id":"CVE-2019-12205","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12205"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12205","reference_id":"CVE-2019-12205","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12205"},{"reference_url":"https://github.com/advisories/GHSA-rfvw-5848-gxc5","reference_id":"GHSA-rfvw-5848-gxc5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rfvw-5848-gxc5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/75986?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/76174?format=json","purl":"pkg:composer/silverstripe/framework@4.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/76175?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-5dt7-nc8t-nqgh"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12205","GHSA-rfvw-5848-gxc5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nute-ndg2-z7ev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111897?format=json","vulnerability_id":"VCID-pkve-yjqy-syc2","summary":"SilverStripe Web Cache Poisoning through HTTPRequestBuilder\nSilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19326","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43423","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4335","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19326"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19326.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/107706c12cd9cf4d1b8b96b6a6e223633209d851"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/8518987cbd1eaca71b65dd4a4b35591db941509a"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/98926e4e6c26d1d43bb1faf516d15bdb2739556e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19326","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19326"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-19326","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-19326"},{"reference_url":"https://github.com/advisories/GHSA-q9ff-3q93-fm8m","reference_id":"GHSA-q9ff-3q93-fm8m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q9ff-3q93-fm8m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77683?format=json","purl":"pkg:composer/silverstripe/framework@3.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/77688?format=json","purl":"pkg:composer/silverstripe/framework@4.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.7"},{"url":"http://public2.vulnerablecode.io/api/packages/77689?format=json","purl":"pkg:composer/silverstripe/framework@4.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.4"}],"aliases":["CVE-2019-19326","GHSA-q9ff-3q93-fm8m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pkve-yjqy-syc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39336?format=json","vulnerability_id":"VCID-qdwg-f2bx-1bay","summary":"Injection Vulnerability\nIn the CSV export feature of SilverStripe, it is possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18049","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43781","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43711","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18049"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.exploit-db.com/exploits/43396","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/43396"},{"reference_url":"https://www.exploit-db.com/exploits/43396/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/43396/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-007","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-007"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18049","reference_id":"CVE-2017-18049","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18049"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/215636?format=json","purl":"pkg:composer/silverstripe/framework@3.5.6-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"},{"vulnerability":"VCID-znbg-16r4-6ybg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/54915?format=json","purl":"pkg:composer/silverstripe/framework@3.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/215639?format=json","purl":"pkg:composer/silverstripe/framework@3.6.3-rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"},{"vulnerability":"VCID-znbg-16r4-6ybg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3-rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/54916?format=json","purl":"pkg:composer/silverstripe/framework@3.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/215640?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a1p9-cwzb-kbgb"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aj7q-x4hc-xbdm"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-g7kn-gn2m-myc3"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h9g1-7wez-8qft"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-m3us-9sft-wbh8"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-p2m9-rejx-e3e9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tsdn-bu3d-ubaf"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-yxuh-bxh5-z3cw"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1-rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/54917?format=json","purl":"pkg:composer/silverstripe/framework@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aj7q-x4hc-xbdm"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-g7kn-gn2m-myc3"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h9g1-7wez-8qft"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-m3us-9sft-wbh8"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-p2m9-rejx-e3e9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tsdn-bu3d-ubaf"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-yxuh-bxh5-z3cw"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.1"}],"aliases":["CVE-2017-18049","GHSA-2jvj-mhf2-g99w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qdwg-f2bx-1bay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54588?format=json","vulnerability_id":"VCID-qmfy-dxag-uuex","summary":"Improper Authentication\nIn SilverStripe, GraphQL does not honour MFA (multi-factor authentication) when using basic authentication.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26136","reference_id":"","reference_type":"","scores":[{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44223","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44155","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26136"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26136","reference_id":"CVE-2020-26136","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26136"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-26136","reference_id":"CVE-2020-26136","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-26136"},{"reference_url":"https://github.com/advisories/GHSA-mg2g-8pwj-r2j2","reference_id":"GHSA-mg2g-8pwj-r2j2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mg2g-8pwj-r2j2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80966?format=json","purl":"pkg:composer/silverstripe/framework@4.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0"}],"aliases":["CVE-2020-26136","GHSA-mg2g-8pwj-r2j2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qmfy-dxag-uuex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41074?format=json","vulnerability_id":"VCID-r1eg-dwej-5kau","summary":"Cross-Site Request Forgery (CSRF)\nCross Site Request Forgery (CSRF) Protection Bypass in GraphQL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12437","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41982","published_at":"2026-06-04T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42056","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12437"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2019-12437.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/commit/3c1dd6b839b7c0e2cbc85074bb5840ebded6097c"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/commit/db28f3075ae2335905f43ac808e9177497e354ff"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12437","reference_id":"CVE-2019-12437","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12437"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12437","reference_id":"CVE-2019-12437","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12437"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/75986?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"}],"aliases":["CVE-2019-12437","GHSA-fx37-56v6-85q6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r1eg-dwej-5kau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41544?format=json","vulnerability_id":"VCID-sg62-98yy-2kd7","summary":"Incorrect Authorization\nDefault SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28661","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37842","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37751","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28661"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2021-28661.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/pull/407/commits/16961459f681f7b32145296189dfdbcc7715e6ed"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/releases","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/releases"},{"reference_url":"https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-graphql/releases/tag/3.5.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28661","reference_id":"CVE-2021-28661","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28661"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2021-28661","reference_id":"CVE-2021-28661","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2021-28661"},{"reference_url":"https://github.com/advisories/GHSA-r7rh-g777-g5gx","reference_id":"GHSA-r7rh-g777-g5gx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r7rh-g777-g5gx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53317?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-3j6f-5c14-uubc"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4qjj-wqg5-dbay"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-bwrh-updj-zkfs"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h1y5-n4b7-ckg6"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"},{"vulnerability":"VCID-znbg-16r4-6ybg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2"}],"aliases":["CVE-2021-28661","GHSA-r7rh-g777-g5gx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sg62-98yy-2kd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38467?format=json","vulnerability_id":"VCID-t81f-5b8z-hyht","summary":"XSS In page name\nSilverStripe is vulnerable to XSS via the page name. For instance, page name `\"><svg/onload=alert(/xss/)>` will trigger an XSS alert.","references":[{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/silverstripe/silverstripe-framework/commit/c6c6c13fc265aeedf5de7226b3cde39d185ba49d"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-001/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-001/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53252?format=json","purl":"pkg:composer/silverstripe/framework@3.5.2-rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-37d1-tt74-yyfm"},{"vulnerability":"VCID-3j6f-5c14-uubc"},{"vulnerability":"VCID-3x46-q9cb-7ubg"},{"vulnerability":"VCID-4qjj-wqg5-dbay"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-aygc-4nhm-n7eq"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-b95v-49p7-fkas"},{"vulnerability":"VCID-bwrh-updj-zkfs"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fm87-te3v-pkc8"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-h1y5-n4b7-ckg6"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-njph-ua7r-auaq"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qdwg-f2bx-1bay"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-sg62-98yy-2kd7"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"},{"vulnerability":"VCID-znbg-16r4-6ybg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.2-rc1"}],"aliases":["SS-2017-001"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t81f-5b8z-hyht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54583?format=json","vulnerability_id":"VCID-tv7h-289s-xub4","summary":"Improper Restriction of XML External Entity Reference\nSilverStripe has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25817","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.5767","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57618","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25817"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2021-25817","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2021-25817"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25817","reference_id":"CVE-2020-25817","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25817"},{"reference_url":"https://github.com/advisories/GHSA-3vjc-5x79-m9r8","reference_id":"GHSA-3vjc-5x79-m9r8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3vjc-5x79-m9r8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80966?format=json","purl":"pkg:composer/silverstripe/framework@4.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/148355?format=json","purl":"pkg:composer/silverstripe/framework@4.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4"}],"aliases":["CVE-2020-25817","GHSA-3vjc-5x79-m9r8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tv7h-289s-xub4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52799?format=json","vulnerability_id":"VCID-umhc-fdfh-1fdx","summary":"Cross-site Scripting\nIn SilverStripe, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9311","reference_id":"","reference_type":"","scores":[{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57206","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57155","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9311"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-9311.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-cms","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-cms"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-9311","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-9311"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9311","reference_id":"CVE-2020-9311","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9311"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2020-9311","reference_id":"CVE-2020-9311","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2020-9311"},{"reference_url":"https://github.com/advisories/GHSA-2pw2-qpcp-m47x","reference_id":"GHSA-2pw2-qpcp-m47x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2pw2-qpcp-m47x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77683?format=json","purl":"pkg:composer/silverstripe/framework@3.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.5"}],"aliases":["CVE-2020-9311","GHSA-2pw2-qpcp-m47x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-umhc-fdfh-1fdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110076?format=json","vulnerability_id":"VCID-uy47-3s8a-hbdn","summary":"Silverstipe CMS Stored XSS in custom meta tags\nA malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut.\nThis requires CMS access to exploit.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37421","reference_id":"","reference_type":"","scores":[{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55551","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55495","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37421"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/"}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/cms/CVE-2022-37421.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37421","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37421"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/"}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/"}],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2022-37421","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2022-37421"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2022-37421","reference_id":"CVE-2022-37421","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T20:34:09Z/"}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2022-37421"},{"reference_url":"https://github.com/advisories/GHSA-pp74-g2q5-j4jf","reference_id":"GHSA-pp74-g2q5-j4jf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pp74-g2q5-j4jf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/504775?format=json","purl":"pkg:composer/silverstripe/framework@4.11.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.11.3"}],"aliases":["CVE-2022-37421","GHSA-pp74-g2q5-j4jf","GMS-2022-6855"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uy47-3s8a-hbdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54582?format=json","vulnerability_id":"VCID-wgdv-etcq-3qhw","summary":"Improper Input Validation\nIn SilverStripe, a FormField with square brackets in the field name skips validation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26138","reference_id":"","reference_type":"","scores":[{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52854","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52915","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26138"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2020-26138.yaml"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26138","reference_id":"CVE-2020-26138","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26138"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138","reference_id":"CVE-2020-26138","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138/","reference_id":"CVE-2020-26138","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2020-26138/"},{"reference_url":"https://github.com/advisories/GHSA-7mv4-4xpg-xq44","reference_id":"GHSA-7mv4-4xpg-xq44","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7mv4-4xpg-xq44"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80966?format=json","purl":"pkg:composer/silverstripe/framework@4.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/148355?format=json","purl":"pkg:composer/silverstripe/framework@4.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.7.4"}],"aliases":["CVE-2020-26138","GHSA-7mv4-4xpg-xq44"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wgdv-etcq-3qhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52274?format=json","vulnerability_id":"VCID-xg74-3h1h-kqaf","summary":"Uncontrolled Resource Consumption\nSilverStripe allows a Denial of Service on flush and development URL tools.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12246","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36088","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.35994","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12246"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-12246.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/ca56e8d78e468874b9267c94d8ec75240b6da0ab"},{"reference_url":"https://www.silverstripe.org/blog/tag/release","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/blog/tag/release"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12246","reference_id":"CVE-2019-12246","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12246"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12246","reference_id":"CVE-2019-12246","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12246"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/75986?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/76173?format=json","purl":"pkg:composer/silverstripe/framework@4.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-5dt7-nc8t-nqgh"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0"}],"aliases":["CVE-2019-12246","GHSA-5fr8-xhqq-4p3q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xg74-3h1h-kqaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51847?format=json","vulnerability_id":"VCID-y8et-m846-2fc6","summary":"Information Exposure\nSilverStripe has incorrect access control for protected files uploaded via `Upload::loadIntoFile()`. An attacker may be able to guess a filename in `silverstripe/assets` via the `AssetControlExtension`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12245","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49005","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49066","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12245"},{"reference_url":"https://forum.silverstripe.org/c/releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.silverstripe.org/c/releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases"},{"reference_url":"https://www.silverstripe.org/download/security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12245","reference_id":"CVE-2019-12245","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12245"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245/","reference_id":"CVE-2019-12245","reference_type":"","scores":[],"url":"https://www.silverstripe.org/download/security-releases/cve-2019-12245/"},{"reference_url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12245","reference_id":"CVE-2019-12245","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/CVE-2019-12245"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml","reference_id":"CVE-2019-12245.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/assets/CVE-2019-12245.yaml"},{"reference_url":"https://github.com/advisories/GHSA-jvx5-rm6q-gx7p","reference_id":"GHSA-jvx5-rm6q-gx7p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jvx5-rm6q-gx7p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/144275?format=json","purl":"pkg:composer/silverstripe/framework@3.6.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.8"},{"url":"http://public2.vulnerablecode.io/api/packages/144274?format=json","purl":"pkg:composer/silverstripe/framework@3.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/75986?format=json","purl":"pkg:composer/silverstripe/framework@4.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nzcm-xbxx-wyf9"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/144279?format=json","purl":"pkg:composer/silverstripe/framework@4.3.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.3.6"},{"url":"http://public2.vulnerablecode.io/api/packages/76175?format=json","purl":"pkg:composer/silverstripe/framework@4.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-24a5-ruc4-bycq"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-5dt7-nc8t-nqgh"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7gak-15m5-j3f5"},{"vulnerability":"VCID-7w7t-3783-1kbs"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9t4k-8hsz-bfdw"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-ca4q-xd4v-vqfe"},{"vulnerability":"VCID-fmfu-81xu-pfdy"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-ru3j-21j8-ayhm"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xm4q-u96p-57dd"},{"vulnerability":"VCID-ytbc-8mhd-b3fc"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4"}],"aliases":["CVE-2019-12245","GHSA-jvx5-rm6q-gx7p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y8et-m846-2fc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45062?format=json","vulnerability_id":"VCID-zdge-zsmz-8ud9","summary":"Missing Authorization\nSilverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22728","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1724","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17318","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22728"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2023-22728.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/fd5d8217e83768d7bf841e94b2d4d82642d5bc58"},{"reference_url":"https://www.silverstripe.org/download/security-releases/cve-2023-22728","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/cve-2023-22728"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22728","reference_id":"CVE-2023-22728","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22728"},{"reference_url":"https://github.com/advisories/GHSA-jh3w-6jp2-vqqm","reference_id":"GHSA-jh3w-6jp2-vqqm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jh3w-6jp2-vqqm"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm","reference_id":"GHSA-jh3w-6jp2-vqqm","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T16:10:52Z/"}],"url":"https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-jh3w-6jp2-vqqm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64977?format=json","purl":"pkg:composer/silverstripe/framework@4.12.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-2hk2-hzyh-wbhf"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.5"}],"aliases":["CVE-2023-22728","GHSA-jh3w-6jp2-vqqm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zdge-zsmz-8ud9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55037?format=json","vulnerability_id":"VCID-znbg-16r4-6ybg","summary":"silverstripe/framework's User-Agent header not correctly invalidating user session\nA security protection device in Session designed to protect session hijacking was not correctly functioning. This function intended to protect user sessions by detecting changes in the User-Agent header, but modifications to this header were not correctly invalidating the user session.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-006-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-006-1.yaml"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/44de03da0147e6094b02602b7b73d5b1a1306d78","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/44de03da0147e6094b02602b7b73d5b1a1306d78"},{"reference_url":"https://github.com/silverstripe/silverstripe-framework/commit/d47667bb0768841e4b305fa95d5a4e2ba232c4ad","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/silverstripe/silverstripe-framework/commit/d47667bb0768841e4b305fa95d5a4e2ba232c4ad"},{"reference_url":"https://www.silverstripe.org/download/security-releases/ss-2017-006","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.silverstripe.org/download/security-releases/ss-2017-006"},{"reference_url":"https://github.com/advisories/GHSA-4qx8-j9vh-2628","reference_id":"GHSA-4qx8-j9vh-2628","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4qx8-j9vh-2628"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54915?format=json","purl":"pkg:composer/silverstripe/framework@3.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/54916?format=json","purl":"pkg:composer/silverstripe/framework@3.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sx-j3x7-gkcr"},{"vulnerability":"VCID-1mmc-91gk-r3d3"},{"vulnerability":"VCID-1p79-328x-sueq"},{"vulnerability":"VCID-5cfa-whq6-9ucp"},{"vulnerability":"VCID-79qx-v5uu-jyf2"},{"vulnerability":"VCID-7hxq-cp29-r7dh"},{"vulnerability":"VCID-86vg-4j71-hkgr"},{"vulnerability":"VCID-8u5c-6vx3-mfcr"},{"vulnerability":"VCID-9y5u-qyzd-3ud9"},{"vulnerability":"VCID-a7cf-kpzy-xudd"},{"vulnerability":"VCID-b6nm-cphj-wfgw"},{"vulnerability":"VCID-cmwn-cjff-9qau"},{"vulnerability":"VCID-gnpw-s9hp-wqfs"},{"vulnerability":"VCID-hcuz-gz3w-97ew"},{"vulnerability":"VCID-hq36-9ntc-akez"},{"vulnerability":"VCID-k46z-g6jp-57ek"},{"vulnerability":"VCID-ky21-z2d2-sye6"},{"vulnerability":"VCID-mkex-ht2r-cucz"},{"vulnerability":"VCID-n4fk-735u-2baw"},{"vulnerability":"VCID-nute-ndg2-z7ev"},{"vulnerability":"VCID-pkve-yjqy-syc2"},{"vulnerability":"VCID-qmfy-dxag-uuex"},{"vulnerability":"VCID-r1eg-dwej-5kau"},{"vulnerability":"VCID-tv7h-289s-xub4"},{"vulnerability":"VCID-u9e7-1zhg-mygt"},{"vulnerability":"VCID-umhc-fdfh-1fdx"},{"vulnerability":"VCID-uy47-3s8a-hbdn"},{"vulnerability":"VCID-wgdv-etcq-3qhw"},{"vulnerability":"VCID-xg74-3h1h-kqaf"},{"vulnerability":"VCID-y8et-m846-2fc6"},{"vulnerability":"VCID-zdge-zsmz-8ud9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.6.3"}],"aliases":["GHSA-4qx8-j9vh-2628"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-znbg-16r4-6ybg"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@3.5.0"}