Silverstripe: Security Vulnerabilities
Silverstripe silverstripe/framework through 4.11 allows SQL Injection.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-11-21
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).
CVSS Score
5.4
EPSS Score
0.001
Published
2022-06-29
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-06-28
Silverstripe silverstripe/framework through 4.10 allows Session Fixation.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-06-28
Silverstripe silverstripe/framework through 4.10.0 allows XSS inside script tags that can be added to website content via XHR by an authenticated CMS user, if the cwp-core module is not installed or the sanitise_server_side config is not set to true in project code.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-06-28
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-06-28
silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. The following versions have been patched to fix this issue: `2.5.2`, `3.0.2`, `3.1.4`, and `3.2.1`. There are no known workarounds for this vulnerability.
CVSS Score
3.7
EPSS Score
0.002
Published
2022-06-09
In the default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1, the permission checker is not inherited by query subclasses.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-10-07
SilverStripe Framework through 4.8.1 allows XSS.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-10-07
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-06-08
Shodan ® - All rights reserved