Filtered by vendor Silverstripe
Subscribe
Total
85 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38148 | 1 Silverstripe | 1 Framework | 2025-04-30 | N/A | 8.8 HIGH |
| Silverstripe silverstripe/framework through 4.11 allows SQL Injection. | |||||
| CVE-2022-38146 | 1 Silverstripe | 1 Framework | 2025-04-30 | N/A | 5.4 MEDIUM |
| Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). | |||||
| CVE-2022-38724 | 1 Silverstripe | 3 Asset Admin, Assets, Framework | 2025-04-29 | N/A | 5.4 MEDIUM |
| Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. | |||||
| CVE-2022-38462 | 1 Silverstripe | 1 Framework | 2025-04-29 | N/A | 6.1 MEDIUM |
| Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. | |||||
| CVE-2022-38147 | 1 Silverstripe | 1 Framework | 2025-04-25 | N/A | 5.4 MEDIUM |
| Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). | |||||
| CVE-2022-38145 | 1 Silverstripe | 1 Framework | 2025-04-25 | N/A | 5.4 MEDIUM |
| Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view. | |||||
| CVE-2022-37430 | 1 Silverstripe | 1 Framework | 2025-04-25 | N/A | 5.4 MEDIUM |
| Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). | |||||
| CVE-2022-37429 | 1 Silverstripe | 1 Framework | 2025-04-25 | N/A | 5.4 MEDIUM |
| Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. | |||||
| CVE-2022-37421 | 1 Silverstripe | 1 Silverstripe | 2025-04-25 | N/A | 5.4 MEDIUM |
| Silverstripe silverstripe/cms through 4.11.0 allows XSS. | |||||
| CVE-2017-12849 | 1 Silverstripe | 1 Silverstripe | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks. | |||||
| CVE-2017-14498 | 1 Silverstripe | 1 Silverstripe | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017. | |||||
| CVE-2017-5197 | 1 Silverstripe | 1 Silverstripe | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element. | |||||
| CVE-2022-42949 | 1 Silverstripe | 1 Subsites | 2025-04-17 | N/A | 7.5 HIGH |
| Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions. | |||||
| CVE-2015-8606 | 1 Silverstripe | 1 Silverstripe | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework before 3.1.16 and 3.2.x before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Locale or (2) FailedLoginCount parameter to admin/security/EditForm/field/Members/item/new/ItemEditForm. | |||||
| CVE-2015-5062 | 1 Silverstripe | 1 Silverstripe | 2025-04-12 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build. | |||||
| CVE-2015-5063 | 1 Silverstripe | 1 Silverstripe | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter to install.php. | |||||
| CVE-2011-4958 | 1 Silverstripe | 1 Silverstripe | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/. | |||||
| CVE-2010-4824 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter. | |||||
| CVE-2010-1593 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka the search script). | |||||
| CVE-2010-5187 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | 4.3 MEDIUM | N/A |
| SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the installation path in an error message. | |||||