Vulnerabilities > Silverstripe > Assets

DATE CVE VULNERABILITY TITLE RISK
2022-11-23 CVE-2022-38724 Cross-site Scripting vulnerability in Silverstripe Asset Admin and Assets
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.
network
low complexity
silverstripe CWE-79
5.4
2022-06-28 CVE-2022-29858 Improper Authentication vulnerability in Silverstripe Assets
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
network
low complexity
silverstripe CWE-287
4.0