Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe silverstripe vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-12849
Response discrepancy in the login and password reset forms in SilverStripe CMS prior to 3.5.5 and 3.6.x prior to 3.6.1 allows remote malicious users to enumerate users via timing attacks.
Silverstripe Silverstripe 3.6.0
Silverstripe Silverstripe
6.4
CVSSv2
CVE-2022-24444
Silverstripe silverstripe/framework up to and including 4.10 allows Session Fixation.
Silverstripe Silverstripe 2.5.0
Silverstripe Silverstripe
4.3
CVSSv2
CVE-2015-8606
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework prior to 3.1.16 and 3.2.x prior to 3.2.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/fie...
Silverstripe Silverstripe
Silverstripe Silverstripe 3.2.0
4.3
CVSSv2
CVE-2017-18049
In the CSV export feature of SilverStripe prior to 3.5.6, 3.6.x prior to 3.6.3, and 4.x prior to 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For ex...
Silverstripe Silverstripe
Silverstripe Silverstripe 4.0.0
NA
CVE-2022-38724
Silverstripe silverstripe/framework up to and including 4.11.0, silverstripe/assets up to and including 1.11.0, and silverstripe/asset-admin up to and including 1.11.0 allow XSS.
Silverstripe Asset Admin
Silverstripe Assets
Silverstripe Framework
3.7
CVSSv2
CVE-2019-12203
SilverStripe up to and including 4.3.3 allows session fixation in the "change password" form.
Silverstripe Silverstripe
4.3
CVSSv2
CVE-2017-14498
SilverStripe CMS prior to 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS...
Silverstripe Silverstripe
4.3
CVSSv2
CVE-2019-19326
Silverstripe CMS sites up to and including 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malic...
Silverstripe Silverstripe
3.5
CVSSv2
CVE-2019-14272
In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.
Silverstripe Silverstripe
5
CVSSv2
CVE-2019-14273
In SilverStripe assets 4.0, there is broken access control on files.
Silverstripe Silverstripe
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »