Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe assets vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-38724
Silverstripe silverstripe/framework up to and including 4.11.0, silverstripe/assets up to and including 1.11.0, and silverstripe/asset-admin up to and including 1.11.0 allow XSS.
Silverstripe Asset Admin
Silverstripe Assets
Silverstripe Framework
356
VMScore
CVE-2022-29858
Silverstripe silverstripe/assets up to and including 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
Silverstripe Assets
435
VMScore
CVE-2011-4958
Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe prior to 2.3.13 and 2.4.x prior to 2.4.6 allows remote malicious users to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a reque...
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.10
Silverstripe Silverstripe 2.3.11
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.3.8
Silverstripe Silverstripe
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.3.9
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.4.1
Silverstripe Silverstripe 2.4.2
Silverstripe Silverstripe 2.4.3
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.4.4
Silverstripe Silverstripe 2.4.5
1 EDB exploit
445
VMScore
CVE-2019-14273
In SilverStripe assets 4.0, there is broken access control on files.
Silverstripe Silverstripe
445
VMScore
CVE-2019-12245
SilverStripe up to and including 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.
Silverstripe Silverstripe
383
VMScore
CVE-2017-14498
SilverStripe CMS prior to 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS...
Silverstripe Silverstripe
445
VMScore
CVE-2020-6165
SilverStripe 4.5.0 allows malicious users to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against ...
Silverstripe Silverstripe
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-25525
CVE-2024-4652
CVE-2024-1438
CVE-2024-4671
CVE-2024-34351
arbitrary
CVE-2024-4650
SQL injection
overflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started