Vulnerabilities > Silverstripe > Assets > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-23 | CVE-2022-38724 | Cross-site Scripting vulnerability in Silverstripe Asset Admin and Assets Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. | 5.4 |
| 2022-06-28 | CVE-2022-29858 | Improper Authentication vulnerability in Silverstripe Assets Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. | 4.0 |