Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-24444
Silverstripe silverstripe/framework up to and including 4.10 allows Session Fixation.
Silverstripe Silverstripe 2.5.0
Silverstripe Silverstripe
4.8
CVSSv3
CVE-2020-25817
SilverStripe up to and including 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or ...
Silverstripe Silverstripe
Silverstripe Silverstripe 4.6.0
6.5
CVSSv3
CVE-2020-26136
In SilverStripe up to and including 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.
Silverstripe Silverstripe
Silverstripe Silverstripe 4.6.0
5.3
CVSSv3
CVE-2017-12849
Response discrepancy in the login and password reset forms in SilverStripe CMS prior to 3.5.5 and 3.6.x prior to 3.6.1 allows remote malicious users to enumerate users via timing attacks.
Silverstripe Silverstripe 3.6.0
Silverstripe Silverstripe
5.4
CVSSv3
CVE-2022-38724
Silverstripe silverstripe/framework up to and including 4.11.0, silverstripe/assets up to and including 1.11.0, and silverstripe/asset-admin up to and including 1.11.0 allow XSS.
Silverstripe Asset Admin
Silverstripe Assets
Silverstripe Framework
6.3
CVSSv3
CVE-2019-12203
SilverStripe up to and including 4.3.3 allows session fixation in the "change password" form.
Silverstripe Silverstripe
9.8
CVSSv3
CVE-2019-12204
In SilverStripe up to and including 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.
Silverstripe Silverstripe
6.1
CVSSv3
CVE-2019-12205
SilverStripe up to and including 4.3.3 has Flash Clipboard Reflected XSS.
Silverstripe Silverstripe
5.3
CVSSv3
CVE-2019-12245
SilverStripe up to and including 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.
Silverstripe Silverstripe
4.3
CVSSv3
CVE-2019-12246
SilverStripe up to and including 4.3.3 allows a Denial of Service on flush and development URL tools.
Silverstripe Silverstripe
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »