Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-xw77-b18v-8kc4

Summary

Reflected XSS in SilverStripe
SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user&amp;#39;s credentials or other sensitive user input.

Aliases

alias	CVE-2019-19325

alias	GHSA-qvrv-2x7x-78x2

Fixed_packages

url pkg:composer/silverstripe/framework@4.4.5

purl pkg:composer/silverstripe/framework@4.4.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-dc9y-v257-6bhf

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.5

url pkg:composer/silverstripe/framework@4.5.0-alpha1

purl pkg:composer/silverstripe/framework@4.5.0-alpha1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-dc9y-v257-6bhf

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.0-alpha1

url pkg:composer/silverstripe/framework@4.5.2

purl pkg:composer/silverstripe/framework@4.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.2

url pkg:composer/silverstripe/framework@4.12.0-rc1

purl pkg:composer/silverstripe/framework@4.12.0-rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.12.0-rc1

Affected_packages

url pkg:composer/silverstripe/framework@4.0.0

purl pkg:composer/silverstripe/framework@4.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1nes-cr3m-j3dv

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-6xwk-ee7f-5ubd

vulnerability	VCID-71cx-seqr-3fh5

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ab5z-bqka-xudb

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-c75p-3hdz-q3b6

vulnerability	VCID-cdgj-bdpy-ukak

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-dc9y-v257-6bhf

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-ff5q-59gf-nugg

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-g3kz-796v-4qf1

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-jx5m-bqc6-h3bv

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-kxyq-vg6e-6uac

vulnerability	VCID-m8w1-g9h9-vuce

vulnerability	VCID-p2kq-rkh6-ayeu

vulnerability	VCID-p554-wkxw-gfdh

vulnerability	VCID-pq29-qe7h-tkcp

vulnerability	VCID-qak9-2t7g-w3fv

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-u49v-31sv-eqc3

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-v116-gayp-mbfu

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-xnb4-zjws-vuhu

vulnerability	VCID-xw77-b18v-8kc4

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.0.0

url pkg:composer/silverstripe/framework@4.4.0

purl pkg:composer/silverstripe/framework@4.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6du5-hdvd-fueb

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-bdcq-z11u-zyh5

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-dc9y-v257-6bhf

vulnerability	VCID-eddc-w9wx-c3gq

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-fpb7-5pwu-tyg5

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-m8w1-g9h9-vuce

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-tm1s-2m92-uyh9

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-xw77-b18v-8kc4

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.0

url pkg:composer/silverstripe/framework@4.4.1

purl pkg:composer/silverstripe/framework@4.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-dc9y-v257-6bhf

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-m8w1-g9h9-vuce

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-xw77-b18v-8kc4

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.1

url pkg:composer/silverstripe/framework@4.4.2

purl pkg:composer/silverstripe/framework@4.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-dc9y-v257-6bhf

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-m8w1-g9h9-vuce

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-xw77-b18v-8kc4

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.2

url pkg:composer/silverstripe/framework@4.4.3

purl pkg:composer/silverstripe/framework@4.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-dc9y-v257-6bhf

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-m8w1-g9h9-vuce

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-xw77-b18v-8kc4

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.3

url pkg:composer/silverstripe/framework@4.4.4

purl pkg:composer/silverstripe/framework@4.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-dc9y-v257-6bhf

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-xw77-b18v-8kc4

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.4.4

url pkg:composer/silverstripe/framework@4.5.0

purl pkg:composer/silverstripe/framework@4.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-dc9y-v257-6bhf

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-xw77-b18v-8kc4

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.0

url pkg:composer/silverstripe/framework@4.5.1

purl pkg:composer/silverstripe/framework@4.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rbk-47h6-d7d8

vulnerability	VCID-4f9c-aun4-wfep

vulnerability	VCID-4x32-t75c-u3bj

vulnerability	VCID-5pkg-j4wg-7fcn

vulnerability	VCID-6epx-c68d-d7bv

vulnerability	VCID-7dk3-gcup-2kc9

vulnerability	VCID-86yd-4mkt-hydr

vulnerability	VCID-a3yc-fxa1-gfhy

vulnerability	VCID-ajga-3b99-yugh

vulnerability	VCID-axxx-gpfn-mqc9

vulnerability	VCID-cfgg-fgjt-z3hn

vulnerability	VCID-d5q3-jrdb-euav

vulnerability	VCID-enkd-4y44-4ueq

vulnerability	VCID-ftdr-uzuh-8ybc

vulnerability	VCID-fyxa-vzeq-ubeq

vulnerability	VCID-gme6-wj87-ekfw

vulnerability	VCID-kak1-btjp-kqgz

vulnerability	VCID-kd3t-2gzd-q3hq

vulnerability	VCID-kgm4-g26x-gken

vulnerability	VCID-kvhv-9fj5-7kgk

vulnerability	VCID-kw9p-5fbc-hudg

vulnerability	VCID-kxa8-dmva-ayff

vulnerability	VCID-qjgf-hxng-j3g9

vulnerability	VCID-qm38-1cwk-b3hq

vulnerability	VCID-tc2y-zrea-vyb2

vulnerability	VCID-ua49-snhx-dqa4

vulnerability	VCID-w4fh-cpaq-nqat

vulnerability	VCID-xw77-b18v-8kc4

vulnerability	VCID-yuer-yn1w-q3gw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/silverstripe/framework@4.5.1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19325

reference_id

reference_type

scores

value	0.00359
scoring_system	epss
scoring_elements	0.58139
published_at	2026-04-16T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.57999
published_at	2026-04-01T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58083
published_at	2026-04-02T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58104
published_at	2026-04-04T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58079
published_at	2026-04-07T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58133
published_at	2026-04-08T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58137
published_at	2026-04-09T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58153
published_at	2026-04-11T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.5813
published_at	2026-04-12T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58109
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19325

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19325.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/CVE-2019-19325.yaml

reference_url

https://github.com/silverstripe/silverstripe-framework/commit/49fda52b12ba59f0a04bcabf78425586a8779e89

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/silverstripe/silverstripe-framework/commit/49fda52b12ba59f0a04bcabf78425586a8779e89

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-19325

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-19325

reference_url

https://www.silverstripe.org/download/security-releases/cve-2019-19325

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.silverstripe.org/download/security-releases/cve-2019-19325

reference_url	https://www.silverstripe.org/download/security-releases/cve-2019-19325/
reference_id	CVE-2019-19325
reference_type
scores
url	https://www.silverstripe.org/download/security-releases/cve-2019-19325/

reference_url

https://github.com/advisories/GHSA-qvrv-2x7x-78x2

reference_id

GHSA-qvrv-2x7x-78x2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qvrv-2x7x-78x2

Weaknesses

cwe_id	78
name	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description	The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xw77-b18v-8kc4

Vulnerability Instance