SilverstripeFramework

12 matches found

added 2022/11/22 1:15 p.m. | 81 views

CVE-2022-38462

Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request.

CVSS 6.1 | AI score 5.9 | EPSS 0.00459

added 2022/11/21 4:15 p.m. | 72 views

CVE-2022-38148

Silverstripe silverstripe/framework through 4.11 allows SQL Injection.

CVSS 8.8 | AI score 8.8 | EPSS 0.00175

added 2022/11/23 2:15 a.m. | 71 views

CVE-2022-37430

Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2).

CVSS 5.4 | AI score 5.2 | EPSS 0.00259

added 2022/11/23 3:15 a.m. | 70 views

CVE-2022-38147

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).

CVSS 5.4 | AI score 5.2 | EPSS 0.00259

added 2022/06/28 10:15 p.m. | 67 views

CVE-2022-25238

Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed or the sanitise_server_side config is not set to true in project code.

CVSS 5.4 | AI score 5.2 | EPSS 0.00338

added 2022/11/23 2:15 a.m. | 67 views

CVE-2022-37429

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.

CVSS 5.4 | AI score 5.1 | EPSS 0.00259

added 2022/11/23 12:15 a.m. | 66 views

CVE-2022-38724

Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.

CVSS 5.4 | AI score 5.4 | EPSS 0.00259

added 2022/11/23 2:15 a.m. | 59 views

CVE-2022-38145

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a JavaScript payload to a page's meta description and getting it executed in the versioned history compare view.

CVSS 5.4 | AI score 5.2 | EPSS 0.00133

added 2022/11/21 4:15 p.m. | 57 views

CVE-2022-38146

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).

CVSS 5.4 | AI score 5.1 | EPSS 0.00259

added 2023/04/26 3:15 p.m. | 37 views

CVE-2023-22729

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Use...

CVSS 6.1 | AI score 5.7 | EPSS 0.00197

added 2024/01/23 2:15 p.m. | 32 views

CVE-2023-48714

Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a GridField using the GridFieldAddExistingAutocompleter component, the recor...

CVSS 4.3 | AI score 4.3 | EPSS 0.00226

added 2023/04/26 2:15 p.m. | 30 views

CVE-2023-22728

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised ...

CVSS 4.3 | AI score 4.4 | EPSS 0.00334