8 matches found
CVE-2019-12245
SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile. An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension...
EUVD-2011-4868
Malware in sbrugna...
EUVD-2010-5051
Malware in sbrugna...
EUVD-2010-5054
Malware in sbrugna...
EUVD-2025-10683
Malicious code in bioql PyPI...
EUVD-2022-5644
Malicious code in bioql PyPI...
GHSA-WG4M-VVP6-2HC5 SilverStripe vulnerable to Cross-site Scripting
Multiple cross-site scripting XSS vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via 1 the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject...
SS-2018-006: Code execution vulnerability
More info at https://www.silverstripe.org/download/security-releases/ss-2018-006/...