SilverstripeFramework

15 matches found

CVE · added 2022/11/22 12:00 a.m. · 100 views

CVE-2022-38462

CVE-2022-38462 affects SilverStripe framework up to version 4.11.0, enabling XSS via crafted return URLs on /dev/build or /Security/login. Core issue is insufficient sanitization/escaping of user-supplied data in responses. The risk is context-dependent and requires the browser to render PHP warn...

CVSS 6.1 · AI score 5.9 · EPSS 0.00472 · Web
CVE · added 2022/11/23 12:00 a.m. · 90 views

CVE-2022-38147

CVE-2022-38147 - XSS in Silverstripe Framework (

CVSS 5.4 · AI score 5.2 · EPSS 0.00516
CVE · added 2022/11/23 12:00 a.m. · 87 views

CVE-2022-37430

CVE-2022-37430 affects SilverStripe framework up to version 4.11. The issue is an XSS in the HTMLEditor sanitiser, where uppercase attributes in the href attribute of links can be exploited to inject JavaScript. Root cause is related to how the href attribute is handled in sanitisation (uppercase...

CVSS 5.4 · AI score 5.2 · EPSS 0.00516
CVE · added 2022/11/21 12:00 a.m. · 86 views

CVE-2022-38148

CVE-2022-38148 affects the Silverstripe framework (up to version 4.11) and is a SQL Injection vulnerability exploitable via the GridField state. The Red Hat and OSV entries corroborate a SQL injection risk in Silverstripe CMS/GridField, with an attacker who has CMS access able to inject arbitrary...

CVSS 8.8 · AI score 8.8 · EPSS 0.00724
CVE · added 2022/11/22 12:00 a.m. · 84 views

CVE-2022-38724

CVE-2022-38724 affects Silverstripe framework ≤ 4.11.0, Silverstripe assets ≤ 1.11.0, and Silverstripe asset-admin ≤ 1.11.0. The root cause is XSS via shortcodes when arbitrary attributes can be added to HTML editor shortcodes, due to missing attribute whitelists in shortcode providers. Reported ...

CVSS 5.4 · AI score 5.4 · EPSS 0.00653
CVE · added 2022/11/23 12:00 a.m. · 83 views

CVE-2022-37429

Concrete details for CVE-2022-37429: SilverStripe framework (silverstripe/framework) versions up to and including 4.11 are affected by a cross-site scripting (XSS) vulnerability. The root cause is improper handling of user-supplied data in link href attributes, allowing a JavaScript payload to be...

CVSS 5.4 · AI score 5.1 · EPSS 0.00473
CVE · added 2022/06/28 9:39 p.m. · 81 views

CVE-2022-25238

CVE-2022-25238 affects the SilverStripe Framework up to version 4.10.0, where an authenticated CMS user can inject tokens into script content via XHR, enabling XSS when the cwp-core module is not installed and the sanitise_server_side config is not true. The issue is documented across multiple source...

CVSS 5.4 · AI score 5.2 · EPSS 0.00641
CVE · added 2022/11/23 12:00 a.m. · 77 views

CVE-2022-38145

CVE-2022-38145 concerns stored XSS in SilverStripe's versioned admin/compare view. Multiple connected sources describe that an attacker with CMS access can inject a JavaScript payload by placing it in a page's meta description, which then executes when viewing the version history compare. The mos...

CVSS 5.4 · AI score 5.2 · EPSS 0.00595
CVE · added 2022/11/21 12:00 a.m. · 72 views

CVE-2022-38146

CVE-2022-38146 affects Silverstripe framework up to version 4.11, with a cross-site scripting (XSS) vulnerability described as issue 2 of 3. Connected sources (CNVD/CNNVD) indicate the XSS exists in Silverstripe CMS versions prior to 4.12.0 and is linked to the use of vulnerable jQuery (1.7.2) an...

CVSS 5.4 · AI score 5.1 · EPSS 0.00529
CVE · added 2025/04/10 1:02 p.m. · 66 views

CVE-2025-30148

CVE-2025-30148 affects Silverstripe Framework (PHP) prior to 5.3.23. An attacker with CMS edit access could deliver an encoded payload that results in a JavaScript payload on the front end due to insufficient server-side sanitization; a fix is available in 5.3.23. The documents do not provide exp...

CVSS 5.4 · AI score 5.3 · EPSS 0.00236
CVE · added 2025/01/14 10:45 p.m. · 61 views

CVE-2024-53277

The CVE-2024-53277 entry concerns the silverstripe/framework (PHP) and an XSS vulnerability in form messages. Root cause: user-provided content is included in form messages without proper sanitization. Impact: potential to execute arbitrary HTML/JS in a user’s browser. Remediation: upgrade to sil...

CVSS 5.4 · AI score 5.3 · EPSS 0.00305
CVE · added 2024/07/17 7:36 p.m. · 55 views

CVE-2024-32981

The CVE-2024-32981 issue affects the Silverstripe framework (PHP) used by Silverstripe CMS. It describes an XSS vulnerability where a CMS editor can submit a specially crafted encoded payload that forces a front-end JavaScript injection; client-side sanitisation would not catch it, but server-sid...

CVSS 5.4 · AI score 5.3 · EPSS 0.00346
CVE · added 2023/04/26 2:00 p.m. · 50 views

CVE-2023-22729

CVE-2023-22729 affects the Silverstripe Framework prior to version 4.12.15. The issue allows an attacker to cause a login-screen redirect to a third-party website by enticing a legitimate content author to follow a specially crafted link, effectively an open redirect on the CMSSecurity login pat...

CVSS 6.1 · AI score 5.7 · EPSS 0.00419
CVE · added 2024/01/23 1:49 p.m. · 45 views

CVE-2023-48714

Summary: CVE-2023-48714 affects the Silverstripe Framework. Prior to versions 4.13.39 and 5.1.11, a user who should not see a record could access the record’s title when the record is added to a GridField via GridFieldAddExistingAutocompleter. Impact: potential information disclosure of restricte...

CVSS 4.3 · AI score 4.3 · EPSS 0.00355
CVE · added 2023/04/26 1:57 p.m. · 44 views

CVE-2023-22728

CVE-2023-22728 affects the Silverstripe Framework, specifically the GridField print view. The root cause is a missing/incorrect permission check for DataObjects in GridFieldPrintButton, potentially allowing a content author to view records they are not authorized to access. Affected software: Silverst...

CVSS 4.3 · AI score 4.4 · EPSS 0.00486