Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-24444
Silverstripe silverstripe/framework up to and including 4.10 allows Session Fixation.
Silverstripe Silverstripe 2.5.0
Silverstripe Silverstripe
4.3
CVSSv3
CVE-2022-29858
Silverstripe silverstripe/assets up to and including 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
Silverstripe Assets
6.5
CVSSv3
CVE-2021-41559
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
Silverstripe Silverstripe
5.4
CVSSv3
CVE-2022-25238
Silverstripe silverstripe/framework up to and including 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to true in project ...
Silverstripe Framework
6.5
CVSSv3
CVE-2022-29254
silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments t...
Silverstripe Silverstripe-omnipay
4.3
CVSSv3
CVE-2021-28661
Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x up to and including 3.4.1 permission checker not inherited by query subclass.
Silverstripe Silverstripe
6.1
CVSSv3
CVE-2021-36150
SilverStripe Framework up to and including 4.8.1 allows XSS.
Silverstripe Silverstripe
6.5
CVSSv3
CVE-2020-26136
In SilverStripe up to and including 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.
Silverstripe Silverstripe
Silverstripe Silverstripe 4.6.0
5.3
CVSSv3
CVE-2020-26138
In SilverStripe up to and including 4.6.0-rc1, a FormField with square brackets in the field name skips validation.
Silverstripe Silverstripe
Silverstripe Silverstripe 4.6.0
4.8
CVSSv3
CVE-2020-25817
SilverStripe up to and including 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or ...
Silverstripe Silverstripe
Silverstripe Silverstripe 4.6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »