Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2017-12849
Response discrepancy in the login and password reset forms in SilverStripe CMS prior to 3.5.5 and 3.6.x prior to 3.6.1 allows remote malicious users to enumerate users via timing attacks.
Silverstripe Silverstripe 3.6.0
Silverstripe Silverstripe
5.3
CVSSv3
CVE-2020-26138
In SilverStripe up to and including 4.6.0-rc1, a FormField with square brackets in the field name skips validation.
Silverstripe Silverstripe
Silverstripe Silverstripe 4.6.0
5.5
CVSSv3
CVE-2017-18049
In the CSV export feature of SilverStripe prior to 3.5.6, 3.6.x prior to 3.6.3, and 4.x prior to 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For ex...
Silverstripe Silverstripe
Silverstripe Silverstripe 4.0.0
9.8
CVSSv3
CVE-2019-5715
All versions of SilverStripe 3 before 3.6.7 and 3.7.3, and all versions of SilverStripe 4 before 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject.
Silverstripe Silverstripe 4.3.0
Silverstripe Silverstripe
5.4
CVSSv3
CVE-2022-38724
Silverstripe silverstripe/framework up to and including 4.11.0, silverstripe/assets up to and including 1.11.0, and silverstripe/asset-admin up to and including 1.11.0 allow XSS.
Silverstripe Asset Admin
Silverstripe Assets
Silverstripe Framework
2.7
CVSSv3
CVE-2019-12617
In SilverStripe up to and including 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution.
Silverstripe Silverstripe
4.3
CVSSv3
CVE-2019-12246
SilverStripe up to and including 4.3.3 allows a Denial of Service on flush and development URL tools.
Silverstripe Silverstripe
5.4
CVSSv3
CVE-2022-28803
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).
Silverstripe Silverstripe
6.3
CVSSv3
CVE-2019-12203
SilverStripe up to and including 4.3.3 allows session fixation in the "change password" form.
Silverstripe Silverstripe
9.8
CVSSv3
CVE-2019-12204
In SilverStripe up to and including 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access.
Silverstripe Silverstripe
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »