silverstripe vulnerabilities and exploits
5.8
CVSSv2
CVE-2013-2653
security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote malicious users to conduct phishing attacks without detection by the victim.
Silverstripe Silverstripe 3.0.3
1 EDB exploit
4.3
CVSSv2
CVE-2012-6458
Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote malicious users to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php; or...
Silverstripe Silverstripe 3.0.0
4.3
CVSSv2
CVE-2010-4822
core/model/MySQLDatabase.php in SilverStripe 2.4.x prior to 2.4.4, when the site is running in "live mode," allows remote malicious users to obtain the SQL queries for a page via the showqueries and ajax parameters.
Silverstripe Silverstripe 2.4.3
Silverstripe Silverstripe 2.4.2
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.4.1
4.3
CVSSv2
CVE-2012-4968
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x prior to 2.3.13 and 2.4.x prior to 2.4.7 allow remote malicious users to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML,...
Silverstripe Silverstripe 2.3.9
Silverstripe Silverstripe 2.3.10
Silverstripe Silverstripe 2.3.11
Silverstripe Silverstripe 2.3.12
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.3.8
Silverstripe Silverstripe 2.4.3
Silverstripe Silverstripe 2.4.5
Silverstripe Silverstripe 2.4.6
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.4.2
Silverstripe Silverstripe 2.4.1
4.3
CVSSv2
CVE-2010-4823
Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x prior to 2.3.10 and 2.4.x prior to 2.4.4, when custom error handling is not used, allows remote malicious users to inject arbitrary web script or HTM...
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.9
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.3.8
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.4.2
Silverstripe Silverstripe 2.4.3
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.4.1
5
CVSSv2
CVE-2010-5078
SilverStripe 2.3.x prior to 2.3.10 and 2.4.x prior to 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain version information via a direct request to (1) sapphire/silverstripe_version or (2) cms/silv...
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.3.9
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.3.8
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.4.3
Silverstripe Silverstripe 2.4.1
Silverstripe Silverstripe 2.4.2
5
CVSSv2
CVE-2010-5079
SilverStripe 2.3.x prior to 2.3.10 and 2.4.x prior to 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote malicious users to by...
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.3.9
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.3.8
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.4.1
Silverstripe Silverstripe 2.4.2
Silverstripe Silverstripe 2.4.3
7.5
CVSSv2
CVE-2011-4960
SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x prior to 2.3.12 and 2.4.x prior to 2.4.6 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.3.8
Silverstripe Silverstripe 2.3.9
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.3.11
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.10
Silverstripe Silverstripe 2.4.1
Silverstripe Silverstripe 2.4.2
Silverstripe Silverstripe 2.4.3
Silverstripe Silverstripe 2.4.5
Silverstripe Silverstripe 2.4.0
6.8
CVSSv2
CVE-2011-4962
code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x prior to 2.4.6 might allow remote malicious users to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
Silverstripe Silverstripe 2.4.3
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.4.1
Silverstripe Silverstripe 2.4.4
Silverstripe Silverstripe 2.4.2
Silverstripe Silverstripe 2.4.5
6.8
CVSSv2
CVE-2010-4824
SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x prior to 2.3.10 and 2.4.x prior to 2.4.4, when the Translatable extension is enabled, allows remote malicious users to execute arbitrary SQL commands via the locale parameter...
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.3.8
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.9
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.4.1
Silverstripe Silverstripe 2.4.2
Silverstripe Silverstripe 2.4.3