Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe silverstripe vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-49783
Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch before 1.13.19 and on the 2.x branch before 2.1.8, users who don't have edit or delete permissions for records exposed in a `ModelAdmin` can still edit or d...
Silverstripe Admin
NA
CVE-2022-37430
Silverstripe silverstripe/framework up to and including 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2).
Silverstripe Framework
356
VMScore
CVE-2022-29858
Silverstripe silverstripe/assets up to and including 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
Silverstripe Assets
NA
CVE-2023-48714
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocomplete...
Silverstripe Framework
NA
CVE-2022-37429
Silverstripe silverstripe/framework up to and including 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.
Silverstripe Framework
NA
CVE-2023-40180
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed grap...
Silverstripe Graphql
NA
CVE-2015-10077
A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3. It has been declared as critical. Affected by this vulnerability is the function index/getPreview of the file code/control/KapostService.php. The manipulation leads to sql injection. The attack can b...
Webbuildersgroup Silverstripe-kapost-bridge
383
VMScore
CVE-2021-27938
A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an malicious user to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL...
Symbiote Silverstripe Queued Jobs
384
VMScore
CVE-2020-25102
silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 up to and including 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. The affects admin/advanced-reports/DataObjectReport/EditFo...
Advanced Reports Project Advanced Reports
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9