Vulnerabilities > Silverstripe > Framework > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-23 CVE-2023-48714 Incorrect Permission Assignment for Critical Resource vulnerability in Silverstripe Framework
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system.
network
low complexity
silverstripe CWE-732
4.3
2023-04-26 CVE-2023-22729 Open Redirect vulnerability in Silverstripe Framework
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system.
network
low complexity
silverstripe CWE-601
6.1
2023-04-26 CVE-2023-22728 Missing Authorization vulnerability in Silverstripe Framework
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system.
network
low complexity
silverstripe CWE-862
4.3
2022-11-23 CVE-2022-38147 Cross-site Scripting vulnerability in Silverstripe Framework
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).
network
low complexity
silverstripe CWE-79
5.4
2022-11-23 CVE-2022-37429 Cross-site Scripting vulnerability in Silverstripe Framework
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.
network
low complexity
silverstripe CWE-79
5.4
2022-11-23 CVE-2022-37430 Cross-site Scripting vulnerability in Silverstripe Framework
Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2).
network
low complexity
silverstripe CWE-79
5.4
2022-11-23 CVE-2022-38145 Cross-site Scripting vulnerability in Silverstripe Framework
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view.
network
low complexity
silverstripe CWE-79
5.4
2022-11-23 CVE-2022-38724 Cross-site Scripting vulnerability in Silverstripe Asset Admin and Assets
Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.
network
low complexity
silverstripe CWE-79
5.4
2022-11-22 CVE-2022-38462 Cross-site Scripting vulnerability in Silverstripe Framework
Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request.
network
low complexity
silverstripe CWE-79
6.1
2022-11-21 CVE-2022-38146 Cross-site Scripting vulnerability in Silverstripe Framework
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).
network
low complexity
silverstripe CWE-79
5.4