Vulnerabilities > Silverstripe > Framework > 4.4.7

DATE CVE VULNERABILITY TITLE RISK
2024-01-23 CVE-2023-48714 Incorrect Permission Assignment for Critical Resource vulnerability in Silverstripe Framework
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system.
network
low complexity
silverstripe CWE-732
4.3
2023-04-26 CVE-2023-22729 Open Redirect vulnerability in Silverstripe Framework
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system.
network
low complexity
silverstripe CWE-601
6.1
2023-04-26 CVE-2023-22728 Missing Authorization vulnerability in Silverstripe Framework
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system.
network
low complexity
silverstripe CWE-862
4.3
2022-11-23 CVE-2022-37429 Cross-site Scripting vulnerability in Silverstripe Framework
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.
network
low complexity
silverstripe CWE-79
5.4
2022-11-23 CVE-2022-37430 Cross-site Scripting vulnerability in Silverstripe Framework
Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2).
network
low complexity
silverstripe CWE-79
5.4
2022-11-23 CVE-2022-38724 Cross-site Scripting vulnerability in Silverstripe Asset Admin and Assets
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.
network
low complexity
silverstripe CWE-79
5.4
2022-11-22 CVE-2022-38462 Cross-site Scripting vulnerability in Silverstripe Framework
Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request.
network
low complexity
silverstripe CWE-79
6.1
2022-11-21 CVE-2022-38146 Cross-site Scripting vulnerability in Silverstripe Framework
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).
network
low complexity
silverstripe CWE-79
5.4
2022-11-21 CVE-2022-38148 SQL Injection vulnerability in Silverstripe Framework
Silverstripe silverstripe/framework through 4.11 allows SQL Injection.
network
low complexity
silverstripe CWE-89
8.8
2022-06-28 CVE-2022-25238 Cross-site Scripting vulnerability in Silverstripe Framework
Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to true in project code.
3.5