Vulnerabilities > Silverstripe > Framework > 2.3.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-23 | CVE-2023-48714 | Incorrect Permission Assignment for Critical Resource vulnerability in Silverstripe Framework Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. | 4.3 |
| 2023-04-26 | CVE-2023-22729 | Unspecified vulnerability in Silverstripe Framework Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. | 6.1 |
| 2023-04-26 | CVE-2023-22728 | Unspecified vulnerability in Silverstripe Framework Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. | 4.3 |
| 2022-11-22 | CVE-2022-38462 | Cross-site Scripting vulnerability in Silverstripe Framework Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. | 6.1 |
| 2022-11-21 | CVE-2022-38146 | Cross-site Scripting vulnerability in Silverstripe Framework Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). | 5.4 |
| 2022-11-21 | CVE-2022-38148 | SQL Injection vulnerability in Silverstripe Framework Silverstripe silverstripe/framework through 4.11 allows SQL Injection. | 8.8 |
| 2022-06-28 | CVE-2022-25238 | Cross-site Scripting vulnerability in Silverstripe Framework Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to true in project code. | 5.4 |