1231 matches found
CVE-2026-54720
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...
CVE-2026-54720 Silverstripe Framework: Possible XSS attack through media embed
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...
CVE-2026-54720
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...
CVE-2026-54720 Silverstripe Framework: Possible XSS attack through media embed
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...
CVE-2026-54720
Silverstripe Framework (PHP) contains an XSS vulnerability in the CMS “Insert media from web” feature, exploitable via a specially crafted embed. The issue affects versions prior to 6.2.2 and is mitigated by upgrading to 6.2.2 or later. The vulnerability stems from the media embed handling and co...
PT-2026-54846
Name of the Vulnerable Software and Affected Versions Silverstripe Framework versions prior to 6.2.2 Description The "Insert media from web" functionality in the CMS is susceptible to Cross-Site Scripting XSS, a technique where malicious scripts are injected into trusted websites, when processing...
CVE-2026-54720 - XSS attack through media embed
More info at https://www.silverstripe.org/download/security-releases/cve-2026-54720...
User Impersonation
Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to User Impersonation via insufficient validation of proxy-related HTTP headers. An attacker can spoof client IP addresses, hostnames, or protocols by...
CVE-2026-24749
The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...
EUVD-2026-23275
Silverstripe Assets Module has a DBFile::getURL permission bypass...
GHSA-JGCF-RF45-2F8V Silverstripe Assets Module has a DBFile::getURL() permission bypass
Impact Images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which bypasses file permissions. This usually happens when creating an image variant, for example using a manipulation method like ScaleWidt...
Silverstripe Assets Module has a DBFile::getURL() permission bypass
Impact Images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which bypasses file permissions. This usually happens when creating an image variant, for example using a manipulation method like ScaleWidt...
Incorrect Authorization
Overview silverstripe/assets is an asset module required component of SilverStripe Framework. Affected versions of this package are vulnerable to Incorrect Authorization via the DBFile::getURL process. An attacker can gain unauthorized access to protected files by exploiting the way access grants...
CVE-2026-24749
The CVE concerns the SilverStripe Assets Module (required for SilverStripe Framework). In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered via templates or accessed with DBFile::getURL() or DBFile::getSourceURL() erroneously add an access grant to the current session, bypassin...
CVE-2026-24749
The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...
CVE-2026-24749 Silverstripe Assets Module has a DBFile::getURL() permission bypass
The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...
SilverStripe Assets Module 安全漏洞
The SilverStripe Assets Module is an asset component of the SilverStripe framework developed by the New Zealand-based company SilverStripe. Versions of the SilverStripe Assets Module prior to 2.4.5, as well as versions 3.0.0-rc1 to 3.1.2, contained security vulnerabilities. These vulnerabilities...
PT-2026-33347
Name of the Vulnerable Software and Affected Versions Silverstripe Assets Module versions prior to 2.4.5 Silverstripe Assets Module versions 3.0.0-rc1 through 3.1.2 Description Images rendered in templates or accessed via 'DBFile::getURL' or 'DBFile::getSourceURL' incorrectly add an access grant ...
CVE-2021-41559
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array that enables a remote attack via a crafted XML document...
CVE-2021-27938
A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL...