Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-37421
Silverstripe silverstripe/cms up to and including 4.11.0 allows XSS.
Silverstripe Silverstripe
445
VMScore
CVE-2019-14273
In SilverStripe assets 4.0, there is broken access control on files.
Silverstripe Silverstripe
312
VMScore
CVE-2019-14272
In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.
Silverstripe Silverstripe
383
VMScore
CVE-2019-12205
SilverStripe up to and including 4.3.3 has Flash Clipboard Reflected XSS.
Silverstripe Silverstripe
445
VMScore
CVE-2019-12245
SilverStripe up to and including 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.
Silverstripe Silverstripe
605
VMScore
CVE-2019-12437
In SilverStripe up to and including 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,
Silverstripe Silverstripe
445
VMScore
CVE-2013-6789
security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local malicious users to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CV...
Silverstripe Silverstripe 3.0.3
383
VMScore
CVE-2012-6458
Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote malicious users to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php; or...
Silverstripe Silverstripe 3.0.0
516
VMScore
CVE-2022-29254
silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments t...
Silverstripe Silverstripe-omnipay
383
VMScore
CVE-2015-5063
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote malicious users to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php.
Silverstripe Silverstripe 3.1.13
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »