Silverstripe: >> Silverstripe >> 3.7.5 Security Vulnerabilities
In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-09-26
In SilverStripe assets 4.0, there is broken access control on files.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-09-26
SilverStripe through 4.3.3 allows session fixation in the "change password" form.
CVSS Score
6.3
EPSS Score
0.001
Published
2019-09-25
SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-09-25
SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-09-25
Page 2