Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2023-49783
Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch before 1.13.19 and on the 2.x branch before 2.1.8, users who don't have edit or delete permissions for records exposed in a `ModelAdmin` can still edit or d...
Silverstripe Admin
4.3
CVSSv3
CVE-2023-48714
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocomplete...
Silverstripe Framework
5.3
CVSSv3
CVE-2023-44401
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 before 4.3.7 and 5.0.0 before 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater th...
Silverstripe Graphql
7.5
CVSSv3
CVE-2023-40180
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed grap...
Silverstripe Graphql
4.3
CVSSv3
CVE-2023-22728
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they ...
Silverstripe Framework
6.1
CVSSv3
CVE-2023-22729
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a speciall...
Silverstripe Framework
5.4
CVSSv3
CVE-2022-38145
Silverstripe silverstripe/framework up to and including 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view.
Silverstripe Framework
5.4
CVSSv3
CVE-2022-38146
Silverstripe silverstripe/framework up to and including 4.11 allows XSS (issue 2 of 3).
Silverstripe Framework
8.8
CVSSv3
CVE-2022-38148
Silverstripe silverstripe/framework up to and including 4.11 allows SQL Injection.
Silverstripe Framework
6.1
CVSSv3
CVE-2022-38462
Silverstripe silverstripe/framework up to and including 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request.
Silverstripe Framework
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
NEXT »