EUVD-2024-0405
Malicious code in bioql PyPI...
CVE-2023-22728
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorise...
Cross Site Scripting (XSS)
silverstripe/framework is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to unescaped HTML posted by a CMS user into any GridField object field, which results in XSS when a user utilizes the print feature...
PT-2024-40454 · Silverstripe · Silverstripe Cms
Name of the Vulnerable Software and Affected Versions: Silverstripe CMS affected versions not specified Description: The issue arises from the core template framework/templates/Includes/GridField print.ss using "Printed by $Member.Name". If the currently logged-in member's first name or surname...
GHSA-2HPC-MF4Q-J885 Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter
GridField does not have sufficient CSRF protection, meaning that in some cases users with CMS access can be tricked into posting unspecified data into the CMS from external websites. Amongst other default CMS interfaces, GridField is used for management of groups, users and permissions in the CMS...
GHSA-88JP-9JRV-6368 Silverstripe XSS In GridField print
A cross-site scripting vulnerability has been discovered in the print view of GridField. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any field of an object in a GridField, and the print feature is used. This has been resolved by...
PT-2024-40189 · Silverstripe · Silverstripe Gridfield
Name of the Vulnerable Software and Affected Versions: Silverstripe GridField affected versions not specified Description: A cross-site scripting issue has been found in the print view of GridField. This can be exploited if a user with CMS access posts malicious or unescaped HTML into any field o...
PT-2024-40027 · Silverstripe · Silverstripe Cms
Name of the Vulnerable Software and Affected Versions: Silverstripe CMS affected versions not specified Description: The issue concerns insufficient CSRF protection in GridField, which can be exploited to trick users with CMS access into posting unspecified data from external websites. This affec...
CVE-2023-48714 Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a GridField using the GridFieldAddExistingAutocompleter component, the...
PT-2024-13629 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe Framework versions prior to 4.13.39 and 5.1.11 Description: The issue allows a user to access a record's title even if they should not be able to see the record, by adding it to a GridField using the...
Design/Logic Flaw
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorise...
CVE-2023-22728 Silverstripe Framework has missing permission check of canView in GridFieldPrintButton
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorise...
CVE-2023-22728
CVE-2023-22728 affects Silverstripe Framework specifically the GridField print view. The root cause is a missing/incorrect permission check for DataObjects in GridFieldPrintButton, potentially allowing a content author to view records they are not authorized to access. Affected software: Silverst...
PT-2023-18669 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe Framework versions prior to 4.12.15 Description: The GridField print view incorrectly validates the permission of DataObjects, potentially allowing a content author to view records they are not authorized to access...
silverstripe framework security vulnerability
silverstripe framework is a CMS web framework. A security vulnerability exists in Silverstripe Framework version 4.12.5 and prior versions, which stems from the GridField print view incorrectly validating the permissions of DataObjects. An attacker could use this vulnerability to view records tha...
GHSA-RR8H-F97Q-8P9C Blind SQL Injection via GridFieldSortableHeader
Gridfield state is vulnerable to SQL injections. The vast majority of Gridfields in Silverstripe CMS are affected by this vulnerability. An attacker with CMS access could execute an arbitrary SQL statement by adding an SQL payload in some parts of the GridField state...