Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe vulnerabilities and exploits
(subscribe to this query)
1.9
CVSSv2
CVE-2010-5092
The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database.
Silverstripe Silverstripe 2.4.0
5.8
CVSSv2
CVE-2022-29254
silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments t...
Silverstripe Silverstripe-omnipay
2.1
CVSSv2
CVE-2012-0976
Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information...
Silverstripe Silverstripe 2.4.6
4.3
CVSSv2
CVE-2012-6458
Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote malicious users to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php; or...
Silverstripe Silverstripe 3.0.0
5.8
CVSSv2
CVE-2015-5062
Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.
Silverstripe Silverstripe 3.1.13
NA
CVE-2023-28851
Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an malicious us...
Bigfork Silverstripe Form Capture 3.1.0
Bigfork Silverstripe Form Capture 1.0.1
Bigfork Silverstripe Form Capture 1.0
Bigfork Silverstripe Form Capture 3.0.0
Bigfork Silverstripe Form Capture
7.5
CVSSv2
CVE-2019-12149
SQL injection vulnerability in silverstripe/restfulserver module 1.0.x prior to 1.0.9, 2.0.x prior to 2.0.4, and 2.1.x prior to 2.1.2 and silverstripe/registry module 2.1.x prior to 2.1.1 and 2.2.x prior to 2.2.1 allows malicious users to execute arbitrary SQL commands.
Silverstripe Restfulserver
Silverstripe Registry
6.8
CVSSv2
CVE-2020-9309
Silverstripe CMS up to and including 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to ex...
Silverstripe Mimevalidator
Silverstripe Recipe
5
CVSSv2
CVE-2019-16409
In the Versioned Files module up to and including 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code...
Symbiote Versionedfiles
Silverstripe Silverstripe
NA
CVE-2023-28104
`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affe...
Silverstripe Graphql 4.1.1
Silverstripe Graphql 4.2.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »