Vulmon
silverstripe assets vulnerabilities and exploits
5.4
CVSSv3
CVE-2022-38724
Silverstripe silverstripe/framework up to and including 4.11.0, silverstripe/assets up to and including 1.11.0, and silverstripe/asset-admin up to and including 1.11.0 allow XSS.
Silverstripe Asset Admin
Silverstripe Assets
Silverstripe Framework
4.3
CVSSv3
CVE-2022-29858
Silverstripe silverstripe/assets up to and including 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
Silverstripe Assets
NA
CVE-2011-4958
Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe prior to 2.3.13 and 2.4.x prior to 2.4.6 allows remote malicious users to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a reque...
Silverstripe Silverstripe 2.3.0
Silverstripe Silverstripe 2.3.10
Silverstripe Silverstripe 2.3.11
Silverstripe Silverstripe 2.3.7
Silverstripe Silverstripe 2.3.8
Silverstripe Silverstripe
Silverstripe Silverstripe 2.3.2
Silverstripe Silverstripe 2.3.9
Silverstripe Silverstripe 2.4.0
Silverstripe Silverstripe 2.3.1
Silverstripe Silverstripe 2.3.3
Silverstripe Silverstripe 2.3.4
Silverstripe Silverstripe 2.4.1
Silverstripe Silverstripe 2.4.2
Silverstripe Silverstripe 2.4.3
Silverstripe Silverstripe 2.3.5
Silverstripe Silverstripe 2.3.6
Silverstripe Silverstripe 2.4.4
Silverstripe Silverstripe 2.4.5
1 EDB exploit
5.3
CVSSv3
CVE-2019-14273
In SilverStripe assets 4.0, there is broken access control on files.
Silverstripe Silverstripe
5.3
CVSSv3
CVE-2019-12245
SilverStripe up to and including 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.
Silverstripe Silverstripe
6.1
CVSSv3
CVE-2017-14498
SilverStripe CMS prior to 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS...
Silverstripe Silverstripe
5.3
CVSSv3
CVE-2020-6165
SilverStripe 4.5.0 allows malicious users to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against ...
Silverstripe Silverstripe