Vulmon
silverstripe silverstripe vulnerabilities and exploits
4.3
CVSSv3
CVE-2023-48714
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocomplete...
Silverstripe Framework
4.3
CVSSv3
CVE-2023-22728
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they ...
Silverstripe Framework
4.3
CVSSv3
CVE-2022-29858
Silverstripe silverstripe/assets up to and including 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
Silverstripe Assets
4.3
CVSSv3
CVE-2021-28661
Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x up to and including 3.4.1 permission checker not inherited by query subclass.
Silverstripe Silverstripe
4.3
CVSSv3
CVE-2019-12246
SilverStripe up to and including 4.3.3 allows a Denial of Service on flush and development URL tools.
Silverstripe Silverstripe
2.7
CVSSv3
CVE-2019-12617
In SilverStripe up to and including 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution.
Silverstripe Silverstripe
NA
CVE-2015-5062
Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.
Silverstripe Silverstripe 3.1.13
NA
CVE-2015-5063
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote malicious users to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php.
Silverstripe Silverstripe 3.1.13
NA
CVE-2011-4958
Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe prior to 2.3.13 and 2.4.x prior to 2.4.6 allows remote malicious users to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a reque...
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.3.10
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.4.1
Silverstripe Silverstripe 2.3.8
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.4.2
Silverstripe Silverstripe
Silverstripe Silverstripe 2.4.4
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.9
Silverstripe Silverstripe 2.4.3
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.3.11
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.4.5
1 EDB exploit
NA
CVE-2013-2653
security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote malicious users to conduct phishing attacks without detection by the victim.
Silverstripe Silverstripe 3.0.3
1 EDB exploit