Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-19325
SilverStripe up to and including 4.4.x prior to 4.4.5 and 4.5.x prior to 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross...
Silverstripe Silverstripe
5
CVSSv2
CVE-2019-16409
In the Versioned Files module up to and including 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code...
Symbiote Versionedfiles
Silverstripe Silverstripe
4
CVSSv2
CVE-2019-12617
In SilverStripe up to and including 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution.
Silverstripe Silverstripe
5
CVSSv2
CVE-2019-14273
In SilverStripe assets 4.0, there is broken access control on files.
Silverstripe Silverstripe
3.5
CVSSv2
CVE-2019-14272
In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.
Silverstripe Silverstripe
5
CVSSv2
CVE-2019-12245
SilverStripe up to and including 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.
Silverstripe Silverstripe
4.3
CVSSv2
CVE-2019-12205
SilverStripe up to and including 4.3.3 has Flash Clipboard Reflected XSS.
Silverstripe Silverstripe
3.7
CVSSv2
CVE-2019-12203
SilverStripe up to and including 4.3.3 allows session fixation in the "change password" form.
Silverstripe Silverstripe
7.5
CVSSv2
CVE-2019-12204
In SilverStripe up to and including 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.
Silverstripe Silverstripe
7.5
CVSSv2
CVE-2019-12149
SQL injection vulnerability in silverstripe/restfulserver module 1.0.x prior to 1.0.9, 2.0.x prior to 2.0.4, and 2.1.x prior to 2.1.2 and silverstripe/registry module 2.1.x prior to 2.1.1 and 2.2.x prior to 2.2.1 allows malicious users to execute arbitrary SQL commands.
Silverstripe Restfulserver
Silverstripe Registry
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »