Vulnerabilities > Silverstripe

DATE CVE VULNERABILITY TITLE RISK
2023-04-26 CVE-2023-22729 Open Redirect vulnerability in Silverstripe Framework
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system.
network
low complexity
silverstripe CWE-601
6.1
2023-04-26 CVE-2023-22728 Missing Authorization vulnerability in Silverstripe Framework
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system.
network
low complexity
silverstripe CWE-862
4.3
2023-03-16 CVE-2023-28104 Allocation of Resources Without Limits or Throttling vulnerability in Silverstripe Graphql 4.1.1/4.2.2
`silverstripe/graphql` serves Silverstripe data as GraphQL representations.
network
low complexity
silverstripe CWE-770
7.5
2022-11-23 CVE-2022-37421 Cross-site Scripting vulnerability in Silverstripe
Silverstripe silverstripe/cms through 4.11.0 allows XSS.
network
low complexity
silverstripe CWE-79
5.4
2022-11-23 CVE-2022-38147 Cross-site Scripting vulnerability in Silverstripe Framework
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).
network
low complexity
silverstripe CWE-79
5.4
2022-11-23 CVE-2022-37429 Cross-site Scripting vulnerability in Silverstripe Framework
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.
network
low complexity
silverstripe CWE-79
5.4
2022-11-23 CVE-2022-37430 Cross-site Scripting vulnerability in Silverstripe Framework
Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2).
network
low complexity
silverstripe CWE-79
5.4
2022-11-23 CVE-2022-38145 Cross-site Scripting vulnerability in Silverstripe Framework
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view.
network
low complexity
silverstripe CWE-79
5.4
2022-11-23 CVE-2022-38724 Cross-site Scripting vulnerability in Silverstripe Asset Admin and Assets
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.
network
low complexity
silverstripe CWE-79
5.4
2022-11-22 CVE-2022-38462 Cross-site Scripting vulnerability in Silverstripe Framework
Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request.
network
low complexity
silverstripe CWE-79
6.1