Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe framework vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2023-22728
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they ...
Silverstripe Framework
6.1
CVSSv3
CVE-2023-22729
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a speciall...
Silverstripe Framework
6.5
CVSSv3
CVE-2022-24444
Silverstripe silverstripe/framework up to and including 4.10 allows Session Fixation.
Silverstripe Silverstripe 2.5.0
Silverstripe Silverstripe
6.1
CVSSv3
CVE-2015-8606
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework prior to 3.1.16 and 3.2.x prior to 3.2.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/fie...
Silverstripe Silverstripe
Silverstripe Silverstripe 3.2.0
6.1
CVSSv3
CVE-2021-36150
SilverStripe Framework up to and including 4.8.1 allows XSS.
Silverstripe Silverstripe
5.4
CVSSv3
CVE-2022-28803
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).
Silverstripe Silverstripe
6.5
CVSSv3
CVE-2021-41559
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
Silverstripe Silverstripe
NA
CVE-2015-5063
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote malicious users to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php.
Silverstripe Silverstripe 3.1.13
NA
CVE-2015-5062
Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.
Silverstripe Silverstripe 3.1.13
7.5
CVSSv3
CVE-2020-6164
In SilverStripe up to and including 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality o...
Silverstripe Silverstripe
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »