6 matches found
CVE-2022-38462
CVE-2022-38462 affects SilverStripe framework up to version 4.11.0, enabling XSS via crafted return URLs on /dev/build or /Security/login. Core issue is insufficient sanitization/escaping of user-supplied data in responses. The risk is context-dependent and requires the browser to render PHP warn...
CVE-2024-53277
The CVE-2024-53277 entry concerns the silverstripe/framework (PHP) and an XSS vulnerability in form messages. Root cause: user-provided content is included in form messages without proper sanitization. Impact: potential to execute arbitrary HTML/JS in a user’s browser. Remediation: upgrade to sil...
CVE-2024-32981
The CVE-2024-32981 issue affects the Silverstripe framework (PHP) used by Silverstripe CMS. It describes an XSS vulnerability where a CMS editor can submit a specially crafted encoded payload that forces a front-end JavaScript injection; client-side sanitisation would not catch it, but server-sid...
CVE-2023-22729
CVE-2023-22729 affects the Silverstripe Framework prior to version 4.12.15 . The issue allows an attacker to cause a login-screen redirect to a third‑party website by enticing a legitimate content author to follow a specially crafted link, effectively an open redirect on the CMSSecurity login pat...
CVE-2023-22728
CVE-2023-22728 affects Silverstripe Framework specifically the GridField print view. The root cause is a missing/incorrect permission check for DataObjects in GridFieldPrintButton, potentially allowing a content author to view records they are not authorized to access. Affected software: Silverst...
CVE-2023-48714
Summary: CVE-2023-48714 affects the Silverstripe Framework. Prior to versions 4.13.39 and 5.1.11, a user who should not see a record could access the record’s title when the record is added to a GridField via GridFieldAddExistingAutocompleter. Impact: potential information disclosure of restricte...