Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2021-28661
Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x up to and including 3.4.1 permission checker not inherited by query subclass.
Silverstripe Silverstripe
7.5
CVSSv3
CVE-2020-6164
In SilverStripe up to and including 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality o...
Silverstripe Silverstripe
7.5
CVSSv3
CVE-2020-9280
In SilverStripe up to and including 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureass...
Silverstripe Silverstripe
5.4
CVSSv3
CVE-2020-9311
In SilverStripe up to and including 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
Silverstripe Silverstripe
6.1
CVSSv3
CVE-2019-19325
SilverStripe up to and including 4.4.x prior to 4.4.5 and 4.5.x prior to 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross...
Silverstripe Silverstripe
5.9
CVSSv3
CVE-2019-19326
Silverstripe CMS sites up to and including 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malic...
Silverstripe Silverstripe
6.5
CVSSv3
CVE-2022-29254
silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments t...
Silverstripe Silverstripe-omnipay
NA
CVE-2012-0976
Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information...
Silverstripe Silverstripe 2.4.6
NA
CVE-2013-6789
security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local malicious users to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CV...
Silverstripe Silverstripe 3.0.3
NA
CVE-2007-2321
Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors.
Silverstripe Silverstripe 2.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »