8 matches found
CVE-2019-12246
SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools...
Session fixation in change password form
SilverStripe through 4.3.3 allows session fixation in the "change password" form...
CVE-2019-12617
In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution...
CVE-2019-12617
In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution...
CVE-2019-12205
SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS...
CVE-2019-12203
SilverStripe through 4.3.3 allows session fixation in the "change password" form...
Cross site scripting
SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS...
CVE-2019-12205
SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS...