Lucene search
K

6 matches found

CVE
CVE
added 2022/11/22 12:0 a.m.101 views

CVE-2022-38462

CVE-2022-38462 affects SilverStripe framework up to version 4.11.0, enabling XSS via crafted return URLs on /dev/build or /Security/login. Core issue is insufficient sanitization/escaping of user-supplied data in responses. The risk is context-dependent and requires the browser to render PHP warn...

6.1CVSS5.9AI score0.00472EPSS
CVE
CVE
added 2025/01/14 10:45 p.m.66 views

CVE-2024-53277

The CVE-2024-53277 entry concerns the silverstripe/framework (PHP) and an XSS vulnerability in form messages. Root cause: user-provided content is included in form messages without proper sanitization. Impact: potential to execute arbitrary HTML/JS in a user’s browser. Remediation: upgrade to sil...

5.4CVSS5.3AI score0.00305EPSS
CVE
CVE
added 2024/07/17 7:36 p.m.56 views

CVE-2024-32981

The CVE-2024-32981 issue affects the Silverstripe framework (PHP) used by Silverstripe CMS. It describes an XSS vulnerability where a CMS editor can submit a specially crafted encoded payload that forces a front-end JavaScript injection; client-side sanitisation would not catch it, but server-sid...

5.4CVSS5.3AI score0.00346EPSS
CVE
CVE
added 2023/04/26 2:0 p.m.52 views

CVE-2023-22729

CVE-2023-22729 affects the Silverstripe Framework prior to version 4.12.15 . The issue allows an attacker to cause a login-screen redirect to a third‑party website by enticing a legitimate content author to follow a specially crafted link, effectively an open redirect on the CMSSecurity login pat...

6.1CVSS5.7AI score0.00419EPSS
CVE
CVE
added 2023/04/26 1:57 p.m.46 views

CVE-2023-22728

CVE-2023-22728 affects Silverstripe Framework specifically the GridField print view. The root cause is a missing/incorrect permission check for DataObjects in GridFieldPrintButton, potentially allowing a content author to view records they are not authorized to access. Affected software: Silverst...

4.3CVSS4.4AI score0.00486EPSS
CVE
CVE
added 2024/01/23 1:49 p.m.46 views

CVE-2023-48714

Summary: CVE-2023-48714 affects the Silverstripe Framework. Prior to versions 4.13.39 and 5.1.11, a user who should not see a record could access the record’s title when the record is added to a GridField via GridFieldAddExistingAutocompleter. Impact: potential information disclosure of restricte...

4.3CVSS4.3AI score0.00355EPSS