Vulmon
silverstripe vulnerabilities and exploits
4.3
CVSSv2
CVE-2021-27938
A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows a malicious user to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL...
Symbiote Silverstripe Queued Jobs
4.3
CVSSv2
CVE-2020-25102
silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 up to and including 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. This affects admin/advanced-reports/DataObjectReport/EditFo...
Advanced Reports Project Advanced Reports
6.8
CVSSv2
CVE-2020-9309
Silverstripe CMS up to and including 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to ex...
Silverstripe Mimevalidator
Silverstripe Recipe
3.5
CVSSv2
CVE-2020-9311
In SilverStripe up to and including 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
Silverstripe Silverstripe
5
CVSSv2
CVE-2020-6164
In SilverStripe up to and including 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality o...
Silverstripe Silverstripe
5
CVSSv2
CVE-2020-6165
SilverStripe 4.5.0 allows malicious users to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against ...
Silverstripe Silverstripe
4.3
CVSSv2
CVE-2019-19326
Silverstripe CMS sites up to and including 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malic...
Silverstripe Silverstripe
5
CVSSv2
CVE-2020-9280
In SilverStripe up to and including 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureass...
Silverstripe Silverstripe
4.3
CVSSv2
CVE-2019-12246
SilverStripe up to and including 4.3.3 allows a Denial of Service on flush and development URL tools.
Silverstripe Silverstripe
6.8
CVSSv2
CVE-2019-12437
In SilverStripe up to and including 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,
Silverstripe Silverstripe