Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe framework vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-38146
Silverstripe silverstripe/framework up to and including 4.11 allows XSS (issue 2 of 3).
Silverstripe Framework
NA
CVE-2022-38148
Silverstripe silverstripe/framework up to and including 4.11 allows SQL Injection.
Silverstripe Framework
3.5
CVSSv2
CVE-2022-28803
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).
Silverstripe Silverstripe
6.4
CVSSv2
CVE-2022-24444
Silverstripe silverstripe/framework up to and including 4.10 allows Session Fixation.
Silverstripe Silverstripe 2.5.0
Silverstripe Silverstripe
4.3
CVSSv2
CVE-2021-41559
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
Silverstripe Silverstripe
3.5
CVSSv2
CVE-2022-25238
Silverstripe silverstripe/framework up to and including 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to true in project ...
Silverstripe Framework
4.3
CVSSv2
CVE-2021-36150
SilverStripe Framework up to and including 4.8.1 allows XSS.
Silverstripe Silverstripe
5
CVSSv2
CVE-2020-6164
In SilverStripe up to and including 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality o...
Silverstripe Silverstripe
4.3
CVSSv2
CVE-2015-8606
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework prior to 3.1.16 and 3.2.x prior to 3.2.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/fie...
Silverstripe Silverstripe
Silverstripe Silverstripe 3.2.0
4.3
CVSSv2
CVE-2015-5063
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote malicious users to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php.
Silverstripe Silverstripe 3.1.13
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »