Vulmon
silverstripe silverstripe vulnerabilities and exploits
7.5
CVSSv3
CVE-2020-9280
In SilverStripe up to and including 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureass...
Silverstripe Silverstripe
5.4
CVSSv3
CVE-2020-9311
In SilverStripe up to and including 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
Silverstripe Silverstripe
6.1
CVSSv3
CVE-2019-12205
SilverStripe up to and including 4.3.3 has Flash Clipboard Reflected XSS.
Silverstripe Silverstripe
5.4
CVSSv3
CVE-2019-14272
In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.
Silverstripe Silverstripe
7.5
CVSSv3
CVE-2020-6164
In SilverStripe up to and including 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality o...
Silverstripe Silverstripe
5.3
CVSSv3
CVE-2020-6165
SilverStripe 4.5.0 allows malicious users to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against ...
Silverstripe Silverstripe
NA
CVE-2013-6789
security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local malicious users to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CV...
Silverstripe Silverstripe 3.0.3
NA
CVE-2012-6458
Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote malicious users to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php; or...
Silverstripe Silverstripe 3.0.0
NA
CVE-2007-2321
Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors.
Silverstripe Silverstripe 2.0.0
NA
CVE-2012-0976
Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information...
Silverstripe Silverstripe 2.4.6