Vulnerabilities > Silverstripe
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-23 | CVE-2022-37430 | Cross-site Scripting vulnerability in Silverstripe Framework Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). | 5.4 |
| 2022-11-23 | CVE-2022-38145 | Cross-site Scripting vulnerability in Silverstripe Framework Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view. | 5.4 |
| 2022-11-23 | CVE-2022-38724 | Cross-site Scripting vulnerability in Silverstripe Asset Admin and Assets Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS. | 5.4 |
| 2022-11-22 | CVE-2022-38462 | Cross-site Scripting vulnerability in Silverstripe Framework Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. | 6.1 |
| 2022-11-21 | CVE-2022-38146 | Cross-site Scripting vulnerability in Silverstripe Framework Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3). | 5.4 |
| 2022-11-21 | CVE-2022-38148 | SQL Injection vulnerability in Silverstripe Framework Silverstripe silverstripe/framework through 4.11 allows SQL Injection. | 8.8 |
| 2022-06-29 | CVE-2022-28803 | Cross-site Scripting vulnerability in Silverstripe In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR). | 3.5 |
| 2022-06-28 | CVE-2021-41559 | XML Entity Expansion vulnerability in Silverstripe Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. | 6.5 |
| 2022-06-28 | CVE-2022-24444 | Session Fixation vulnerability in Silverstripe Silverstripe silverstripe/framework through 4.10 allows Session Fixation. | 6.4 |
| 2022-06-28 | CVE-2022-25238 | Cross-site Scripting vulnerability in Silverstripe Framework Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to true in project code. | 3.5 |