Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe silverstripe vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2017-18049
In the CSV export feature of SilverStripe prior to 3.5.6, 3.6.x prior to 3.6.3, and 4.x prior to 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For ex...
Silverstripe Silverstripe
Silverstripe Silverstripe 4.0.0
312
VMScore
CVE-2020-25817
SilverStripe up to and including 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or ...
Silverstripe Silverstripe
Silverstripe Silverstripe 4.6.0
356
VMScore
CVE-2020-26136
In SilverStripe up to and including 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.
Silverstripe Silverstripe
Silverstripe Silverstripe 4.6.0
445
VMScore
CVE-2020-26138
In SilverStripe up to and including 4.6.0-rc1, a FormField with square brackets in the field name skips validation.
Silverstripe Silverstripe
Silverstripe Silverstripe 4.6.0
NA
CVE-2022-38724
Silverstripe silverstripe/framework up to and including 4.11.0, silverstripe/assets up to and including 1.11.0, and silverstripe/asset-admin up to and including 1.11.0 allow XSS.
Silverstripe Asset Admin
Silverstripe Assets
Silverstripe Framework
383
VMScore
CVE-2021-36150
SilverStripe Framework up to and including 4.8.1 allows XSS.
Silverstripe Silverstripe
383
VMScore
CVE-2019-19326
Silverstripe CMS sites up to and including 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malic...
Silverstripe Silverstripe
383
VMScore
CVE-2017-14498
SilverStripe CMS prior to 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS...
Silverstripe Silverstripe
356
VMScore
CVE-2021-28661
Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x up to and including 3.4.1 permission checker not inherited by query subclass.
Silverstripe Silverstripe
384
VMScore
CVE-2019-12246
SilverStripe up to and including 4.3.3 allows a Denial of Service on flush and development URL tools.
Silverstripe Silverstripe
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »