Framework Security Vulnerabilities


CVE-2022-25238

Silverstripe silverstripe/framework through 4.10.0 allows XSS inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed or the sanitise_server_side config is not set to true in project code.

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-06-28 10:15 PM

CVE-2022-37429

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.

5.4 CVSS

5.1 AI Score

0.001 EPSS

2022-11-23 02:15 AM

CVE-2022-37430

Silverstripe silverstripe/framework through 4.11 allows XSS via the href attribute of a link (issue 2 of 2).

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-11-23 02:15 AM

CVE-2022-38145

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a JavaScript payload to a page's meta description and getting it executed in the versioned history compare view.

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-11-23 02:15 AM

CVE-2022-38146

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).

5.4 CVSS

5.1 AI Score

0.001 EPSS

2022-11-21 04:15 PM

CVE-2022-38147

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-11-23 03:15 AM

CVE-2022-38148

Silverstripe silverstripe/framework through 4.11 allows SQL Injection.

8.8 CVSS

8.8 AI Score

0.003 EPSS

2022-11-21 04:15 PM

CVE-2022-38462

Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request.

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-11-22 01:15 PM

CVE-2022-38724

Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.

5.4 CVSS

5.4 AI Score

0.001 EPSS

2022-11-23 12:15 AM

CVE-2023-22728

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised ...

4.3 CVSS

4.4 AI Score

0.001 EPSS

2023-04-26 02:15 PM

CVE-2023-22729

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Use...

6.1 CVSS

6.1 AI Score

0.001 EPSS

2023-04-26 03:15 PM

CVE-2023-48714

Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a GridField using the GridFieldAddExistingAutocompleter component, the recor...

4.3 CVSS

4.3 AI Score

0.0004 EPSS

2024-01-23 02:15 PM

CVE-2024-32981

Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of ...

5.4 CVSS

5.5 AI Score

0.0004 EPSS

2024-07-17 08:15 PM