Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-19325
SilverStripe up to and including 4.4.x prior to 4.4.5 and 4.5.x prior to 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross...
Silverstripe Silverstripe
3.5
CVSSv2
CVE-2022-28803
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).
Silverstripe Silverstripe
5
CVSSv2
CVE-2020-6165
SilverStripe 4.5.0 allows malicious users to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against ...
Silverstripe Silverstripe
4.3
CVSSv2
CVE-2019-19326
Silverstripe CMS sites up to and including 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malic...
Silverstripe Silverstripe
3.7
CVSSv2
CVE-2019-12203
SilverStripe up to and including 4.3.3 allows session fixation in the "change password" form.
Silverstripe Silverstripe
7.5
CVSSv2
CVE-2019-12204
In SilverStripe up to and including 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.
Silverstripe Silverstripe
4.3
CVSSv2
CVE-2019-12205
SilverStripe up to and including 4.3.3 has Flash Clipboard Reflected XSS.
Silverstripe Silverstripe
5
CVSSv2
CVE-2019-12245
SilverStripe up to and including 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.
Silverstripe Silverstripe
4.3
CVSSv2
CVE-2019-12246
SilverStripe up to and including 4.3.3 allows a Denial of Service on flush and development URL tools.
Silverstripe Silverstripe
3.5
CVSSv2
CVE-2020-9311
In SilverStripe up to and including 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
Silverstripe Silverstripe
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »