Silverstripe: Security Vulnerabilities
`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted GraphQL query to execute a denial of service attack against a website which has a publicly exposed GraphQL endpoint. This mostly affects websites with particularly large or complex GraphQL schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2023-03-16
Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2022-12-21
Silverstripe silverstripe/cms through 4.11.0 allows XSS.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2022-11-23
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2022-11-23
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via a JavaScript payload in the href attribute of a link, by splitting a javascript URL with whitespace characters.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2022-11-23
Silverstripe silverstripe/framework through 4.11 allows XSS via the href attribute of a link (issue 2 of 2).
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2022-11-23
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3): remote attackers can add a JavaScript payload to a page's meta description and get it executed in the versioned history compare view.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-11-23
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2022-11-23
Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request.
CVSS Score: 6.1 | EPSS Score: 0.007 | Published: 2022-11-22
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2022-11-21

