131 matches found
CVE-2021-27938
A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL...
EUVD-2015-5079
Malware in sbrugna...
EUVD-2021-0726
Malware in sbrugna...
EUVD-2022-4289
Malicious code in bioql PyPI...
EUVD-2022-3780
Malicious code in bioql PyPI...
EUVD-2022-3845
Malicious code in bioql PyPI...
EUVD-2024-0378
Malicious code in bioql PyPI...
EUVD-2022-5827
Malicious code in bioql PyPI...
EUVD-2022-4094
Malicious code in bioql PyPI...
EUVD-2022-2030
Malicious code in bioql PyPI...
EUVD-2022-4928
Malicious code in bioql PyPI...
CVE-2023-44401
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number o...
CVE-2019-19326
Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return...
CVE-2024-32981 Cross-site Scripting vulnerability with encoded payload in silverstripe/framework
Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could add send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end o...
PT-2024-40454 · Silverstripe · Silverstripe Cms
Name of the Vulnerable Software and Affected Versions: Silverstripe CMS affected versions not specified Description: The issue arises from the core template framework/templates/Includes/GridField print.ss using "Printed by $Member.Name". If the currently logged-in member's first name or surname...
Cross Site Scripting (XSS)
silverstripe/cms is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper escaping of HTML input in the textfields of pages referred to by VirtualPage, which allows an attacker inject and execute arbitrary JavaScript in the browser...
CVE-2023-44401 Silverstripe GraqhQL's view permissions are bypassed for paginated lists of ORM data
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number o...
GHSA-JGPH-W8RH-XF5P View permissions are bypassed for paginated lists of ORM data
Impact canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn’t paginated per se. This ha...
View permissions are bypassed for paginated lists of ORM data
Impact canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn’t paginated per se. This ha...
CVE-2023-40180 Denial of service vulnerability in silverstripe-graphql via recursive queries
silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your...