Silverstripe: Security Vulnerabilities

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via a JavaScript payload in the href attribute of a link, by splitting a javascript URL with whitespace characters.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2022-11-23

Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2).
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2022-11-23

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3): remote attackers can add a JavaScript payload to a page's meta description and get it executed in the versioned history compare view.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2022-11-23

Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2022-11-23

Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request.
CVSS Score: 6.1
EPSS Score: 0.006
Published: 2022-11-22

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2022-11-21

Silverstripe silverstripe/framework through 4.11 allows SQL Injection.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2022-11-21

In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2022-06-29

Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2022-06-28

Silverstripe silverstripe/framework through 4.10 allows Session Fixation.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2022-06-28


Shodan ® - All rights reserved