Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
silverstripe vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2015-8606
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework prior to 3.1.16 and 3.2.x prior to 3.2.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/fie...
Silverstripe Silverstripe
Silverstripe Silverstripe 3.2.0
5.3
CVSSv3
CVE-2017-12849
Response discrepancy in the login and password reset forms in SilverStripe CMS prior to 3.5.5 and 3.6.x prior to 3.6.1 allows remote malicious users to enumerate users via timing attacks.
Silverstripe Silverstripe 3.6.0
Silverstripe Silverstripe
5.5
CVSSv3
CVE-2017-18049
In the CSV export feature of SilverStripe prior to 3.5.6, 3.6.x prior to 3.6.3, and 4.x prior to 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For ex...
Silverstripe Silverstripe
Silverstripe Silverstripe 4.0.0
4.8
CVSSv3
CVE-2020-25817
SilverStripe up to and including 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or ...
Silverstripe Silverstripe
Silverstripe Silverstripe 4.6.0
5.4
CVSSv3
CVE-2022-38724
Silverstripe silverstripe/framework up to and including 4.11.0, silverstripe/assets up to and including 1.11.0, and silverstripe/asset-admin up to and including 1.11.0 allow XSS.
Silverstripe Asset Admin
Silverstripe Assets
Silverstripe Framework
6.1
CVSSv3
CVE-2017-14498
SilverStripe CMS prior to 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS...
Silverstripe Silverstripe
8.8
CVSSv3
CVE-2019-12437
In SilverStripe up to and including 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations,
Silverstripe Silverstripe
2.7
CVSSv3
CVE-2019-12617
In SilverStripe up to and including 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution.
Silverstripe Silverstripe
4.3
CVSSv3
CVE-2021-28661
Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x up to and including 3.4.1 permission checker not inherited by query subclass.
Silverstripe Silverstripe
7.5
CVSSv3
CVE-2020-6164
In SilverStripe up to and including 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality o...
Silverstripe Silverstripe
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »