Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe silverstripe vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2020-26138
In SilverStripe up to and including 4.6.0-rc1, a FormField with square brackets in the field name skips validation.
Silverstripe Silverstripe
Silverstripe Silverstripe 4.6.0
5.3
CVSSv3
CVE-2017-12849
Response discrepancy in the login and password reset forms in SilverStripe CMS prior to 3.5.5 and 3.6.x prior to 3.6.1 allows remote malicious users to enumerate users via timing attacks.
Silverstripe Silverstripe 3.6.0
Silverstripe Silverstripe
4.8
CVSSv3
CVE-2020-25817
SilverStripe up to and including 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or ...
Silverstripe Silverstripe
Silverstripe Silverstripe 4.6.0
6.5
CVSSv3
CVE-2020-26136
In SilverStripe up to and including 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.
Silverstripe Silverstripe
Silverstripe Silverstripe 4.6.0
5.4
CVSSv3
CVE-2022-38724
Silverstripe silverstripe/framework up to and including 4.11.0, silverstripe/assets up to and including 1.11.0, and silverstripe/asset-admin up to and including 1.11.0 allow XSS.
Silverstripe Asset Admin
Silverstripe Assets
Silverstripe Framework
5.3
CVSSv3
CVE-2019-14273
In SilverStripe assets 4.0, there is broken access control on files.
Silverstripe Silverstripe
8.8
CVSSv3
CVE-2019-12437
In SilverStripe up to and including 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,
Silverstripe Silverstripe
7.5
CVSSv3
CVE-2020-9280
In SilverStripe up to and including 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureass...
Silverstripe Silverstripe
5.4
CVSSv3
CVE-2022-28803
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).
Silverstripe Silverstripe
6.1
CVSSv3
CVE-2019-19325
SilverStripe up to and including 4.4.x prior to 4.4.5 and 4.5.x prior to 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross...
Silverstripe Silverstripe
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »