Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe silverstripe vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-9280
In SilverStripe up to and including 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureass...
Silverstripe Silverstripe
3.5
CVSSv2
CVE-2020-9311
In SilverStripe up to and including 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
Silverstripe Silverstripe
7.5
CVSSv2
CVE-2019-12204
In SilverStripe up to and including 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.
Silverstripe Silverstripe
4.3
CVSSv2
CVE-2019-12205
SilverStripe up to and including 4.3.3 has Flash Clipboard Reflected XSS.
Silverstripe Silverstripe
5
CVSSv2
CVE-2019-12245
SilverStripe up to and including 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.
Silverstripe Silverstripe
4.3
CVSSv2
CVE-2019-12246
SilverStripe up to and including 4.3.3 allows a Denial of Service on flush and development URL tools.
Silverstripe Silverstripe
10
CVSSv2
CVE-2007-2321
Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors.
Silverstripe Silverstripe 2.0.0
2.1
CVSSv2
CVE-2012-0976
Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information...
Silverstripe Silverstripe 2.4.6
1.9
CVSSv2
CVE-2010-5092
The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database.
Silverstripe Silverstripe 2.4.0
5.8
CVSSv2
CVE-2013-2653
security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote malicious users to conduct phishing attacks without detection by the victim.
Silverstripe Silverstripe 3.0.3
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »