Lucene search
K

1231 matches found

NVD
NVD
added 2026/07/01 9:17 p.m.10 views

CVE-2026-54720

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...

5.4CVSS0.00263EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 9:2 p.m.38 views

CVE-2026-54720 Silverstripe Framework: Possible XSS attack through media embed

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...

5.4CVSS0.00263EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:2 p.m.7 views

CVE-2026-54720

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...

5.4CVSS5.8AI score0.00263EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/01 9:2 p.m.6 views

CVE-2026-54720 Silverstripe Framework: Possible XSS attack through media embed

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...

5.4CVSS5.9AI score0.00263EPSS
Exploits0References4
CVE
CVE
added 2026/07/01 9:2 p.m.12 views

CVE-2026-54720

Silverstripe Framework (PHP) contains an XSS vulnerability in the CMS “Insert media from web” feature, exploitable via a specially crafted embed. The issue affects versions prior to 6.2.2 and is mitigated by upgrading to 6.2.2 or later. The vulnerability stems from the media embed handling and co...

5.4CVSS5.8AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54846

Name of the Vulnerable Software and Affected Versions Silverstripe Framework versions prior to 6.2.2 Description The "Insert media from web" functionality in the CMS is susceptible to Cross-Site Scripting XSS, a technique where malicious scripts are injected into trusted websites, when processing...

5.4CVSS6AI score0.00263EPSS
Exploits0References4
Friends Of PHP
Friends Of PHP
added 2026/06/24 2:45 a.m.5 views

CVE-2026-54720 - XSS attack through media embed

More info at https://www.silverstripe.org/download/security-releases/cve-2026-54720...

5.4CVSS5.8AI score0.00263EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/06/19 3:41 p.m.9 views

User Impersonation

Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to User Impersonation via insufficient validation of proxy-related HTTP headers. An attacker can spoof client IP addresses, hostnames, or protocols by...

5.3CVSS5.9AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/18 7:22 a.m.5 views

CVE-2026-24749

The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...

5.3CVSS5.5AI score0.00398EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/16 8:40 p.m.8 views

EUVD-2026-23275

Silverstripe Assets Module has a DBFile::getURL permission bypass...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References3
OSV
OSV
added 2026/04/16 8:40 p.m.21 views

GHSA-JGCF-RF45-2F8V Silverstripe Assets Module has a DBFile::getURL() permission bypass

Impact Images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which bypasses file permissions. This usually happens when creating an image variant, for example using a manipulation method like ScaleWidt...

5.3CVSS5.7AI score0.00398EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/16 8:40 p.m.7 views

Silverstripe Assets Module has a DBFile::getURL() permission bypass

Impact Images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which bypasses file permissions. This usually happens when creating an image variant, for example using a manipulation method like ScaleWidt...

5.3CVSS5.7AI score0.00398EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/04/16 6:31 p.m.5 views

Incorrect Authorization

Overview silverstripe/assets is an asset module required component of SilverStripe Framework. Affected versions of this package are vulnerable to Incorrect Authorization via the DBFile::getURL process. An attacker can gain unauthorized access to protected files by exploiting the way access grants...

6.9CVSS5.6AI score0.00398EPSS
Exploits0References2
CVE
CVE
added 2026/04/16 5:8 p.m.13 views

CVE-2026-24749

The CVE concerns the SilverStripe Assets Module (required for SilverStripe Framework). In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered via templates or accessed with DBFile::getURL() or DBFile::getSourceURL() erroneously add an access grant to the current session, bypassin...

5.3CVSS5.7AI score0.00398EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/16 5:8 p.m.2 views

CVE-2026-24749

The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...

5.3CVSS5.7AI score0.00398EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/16 5:8 p.m.10 views

CVE-2026-24749 Silverstripe Assets Module has a DBFile::getURL() permission bypass

The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...

5.3CVSS5.5AI score0.00398EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.11 views

SilverStripe Assets Module 安全漏洞

The SilverStripe Assets Module is an asset component of the SilverStripe framework developed by the New Zealand-based company SilverStripe. Versions of the SilverStripe Assets Module prior to 2.4.5, as well as versions 3.0.0-rc1 to 3.1.2, contained security vulnerabilities. These vulnerabilities...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.8 views

PT-2026-33347

Name of the Vulnerable Software and Affected Versions Silverstripe Assets Module versions prior to 2.4.5 Silverstripe Assets Module versions 3.0.0-rc1 through 3.1.2 Description Images rendered in templates or accessed via 'DBFile::getURL' or 'DBFile::getSourceURL' incorrectly add an access grant ...

5.3CVSS5.7AI score0.00398EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 11:36 a.m.10 views

CVE-2021-41559

Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array that enables a remote attack via a crafted XML document...

6.5CVSS6.8AI score0.00985EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:29 a.m.5 views

CVE-2021-27938

A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL...

6.1CVSS6.4AI score0.00751EPSS
Exploits0References1
Rows per page
Query Builder